4
•
At the Web UI
5
, select the
Properties
tab.
•
Select the following entries from the
Properties
'
Content
menu’:
Connectivity
Protocols
IP
.
(Internet Protocol)
•
Enter the domain name in the ‘
Domain Name
’ text box and the machine name in the ‘
Host Name
’ text box inside the
General
group box.
•
Select the [
Apply
] button to save the domain and host names entered.
l).
When utilizing Secure Sockets Layer (SSL):
•
For the purposes of the evaluation, the maximum validity of digital certificates was set to 180 days.
•
If a self-signed certificate is to be used the generic Xerox root CA certificate should be downloaded from the device and
installed in the certificate store of the user's browser.
m).
HTTPS is enabled in the evaluated configuration. To enable HTTPS (SSL):
•
At the Web UI, select the
Properties
tab.
•
Follow the “Security Certificates” instructions starting on page 88 of the SAG to install on the device either a self-signed
digital certificate or a digital certificate signed by a Certificate Authority (CA).
•
Select the following entries from the
Properties
'
Content
menu’:
Connectivity
Protocols
HTTP
.
•
Select the Secure HTTP (SSL)
Enabled
checkbox in the
Configuration
group box and enter the desired HTTPS port
number in the Port Number text box.
•
Select the [
Apply
] button.
n).
When utilizing Secure Sockets Layer (SSL) for secure scanning:
•
SSL should be enabled and used for secure transmission of scan jobs.
•
When storing scanned images to a remote repository using an https: connection, a Trusted Certificate Authority
certificate should be uploaded to the device so the device can verify the certificate provided by the remote repository.
•
When an SSL certificate for a remote SSL repository fails its validation checks the associated scan job will be deleted
and not transferred to the remote SSL repository. The System Administrator should be aware that in this case the job
status reported in the Completed Job Log for this job will read: “Job could not be sent as a connection to the server
could not be established”.
o).
To be consistent with the evaluated configuration, the HTTPS protocol should be used to send scan jobs to a remote IT
product.
p).
To be consistent with the evaluated configuration, protocol choices for remote authentication should be limited to
[
Kerberos (Solaris)
], [
Kerberos (Windows)
] or [
LDAP
].
The device supports other protocol options.
Choose the protocol
option that best suits your needs. The System Administrator should be aware, however, that remote authentication using
Kerberos will not work with Windows Server 2003.
In the case of LDAP/LDAPS the System Administrator should ensure that SSL is enabled as discussed in Step 5 under
“Configuring LDAP Server Optional Information” on page 46 in the SAG. Make sure that [
Enable SSL
] under SSL is selected.
q).
To be consistent with the evaluated configuration, the device should be set for local authorization. Remote authorization
was not evaluated since that function is performed external to the system.
Choose the authorization option that best suits
your needs.
r).
As part of the evaluated configuration, encryption of transmitted and stored data by the device must meet the FIPS 140-2
Standard. To enable the use of encryption in “FIPS 140 mode” and check for compliance of certificates stored on the device
to the FIPS 140-2 Standard follow the instructions on page 76 of the SAG.
Note that the Mocana crypto module that implements IPSec and Disk Encryption was validated for the operating
environment that corresponds to the one used on this product. However, as of this date the operating environment used on
this product differs in terms of Linux flavor and CPU from that which the OpenSSL crypto module that implements SSL was
validated against.
s).
In viewing the Audit Log the System Administrator should note the following:
•
Deletion of a file from Reprint Saved Job folders or deletion of a Reprint Saved Job folder itself is recorded in the Audit
Log.
5
From here on the directions assume that the Web UI has been accessed already by following the “Accessing CentreWare IS” instructions on page
17 of the SAG.
