Basic Concepts
System Administrator Guide
4-3
About HTTP, HTTPS, and SSL/TLS
HTTP (Hyper Text Transfer Protocol) is the protocol used to communicate across the internet
between the printer web server and the web browser (clients). Because the data is transmitted
in plain text and passwords are only slightly encrypted, it is not secure; the data can be read or
intercepted by other people.
HTTPS (Secure Hyper Text Transfer Protocol) is a secure version of HTTP. HTTPS provides
authentication and encrypted communication to preserve the confidentiality of your data.
Instead of using plain text, HTTPS uses either the SSL (Secure Socket Layer) protocol or the
TLS (Transport Layer Security) protocol to encrypt data, thus ensuring reasonable protection
from eavesdroppers and man-in-the-middle attacks.
Before using HTTPS, you must set up a certificate and select when to use SSL to encrypt data.
You can set the printer to use SSL either to secure web pages that use passwords or to secure
all web pages.
See also:
About Certificates
on page 4-3
Setting Up a Certificate
on page 4-6
Configuring SSL
on page 4-7
About Certificates
A certificate is an electronic message containing information about the printer and a digital
signature. A certificate is stored in the printer and is used to validate the identity of the printer
to clients and network servers and to allow encrypted communication.
For maximum security, before configuring passwords, set up a certificate and then configure
SSL to encrypt data including passwords. You can set up a self-signed certificate or download
a root-signed certificate, depending on your requirements.
See also:
Self-Signed Certificates
on page 4-3
Root-Signed Certificates
on page 4-4
Self-Signed Certificates
Setting up a self-signed certificate is a quick and easy way to establish a certificate on the
printer. The printer automatically generates a default self-signed certificate when the printer is
turned on for the first time. To modify the certificate so it is specific to your printer, use
CentreWare IS to enter information about the location of the printer.
While self-signed certificates are safe for most applications and allow data encryption, they do
not ensure valid authentication. Self-signed certificates are not necessarily secure because the
certificate owner is only confirming his own identify instead of verification by a trusted third
party. Although self-signed certificates encrypt the data that is exchanged, they do not prevent
man-in-the-middle attacks.