Security
102
WorkCentre 7800 Series Multifunction Printer
System Administrator Guide
Security Certificates
A digital certificate is a file that contains data used to verify the identity of the client or server in a
network transaction. A certificate also contains a public key used to create and verify digital signatures.
One device proves its identity to another by presenting a certificate trusted by the other device. Or, the
device can present a certificate signed by a trusted third party and a digital signature proving its
ownership of the certificate.
A digital certificate includes the following data:
•
Information about the owner of the certificate
•
The certificate serial number and expiration date
•
The name and digital signature of the certificate authority (CA) that issued the certificate
•
A public key
•
A purpose defining how the certificate and public key can be used
There are three types of certificates:
•
A Device Certificate is a certificate for which the printer has a private key. The purpose specified in
the certificate allows it to be used to prove identity.
•
A CA Certificate is a certificate with authority to sign other certificates.
•
A Trusted Certificate is a self-signed certificate from another device that you want to trust.
Installing Certificates
To ensure that the printer can communicate with other devices over a secure trusted connection, both
devices must have specific certificates installed.
For protocols such as HTTPS, the printer is the server, and must prove its identity to the client Web
browser. For protocols such as 802.1X, the printer is the client, and must prove its identity to the
authentication server, typically a RADIUS server.
For features that use these protocols, perform the following tasks:
•
Install a device certificate on the printer.
Note:
When the printer uses HTTPS, a Xerox
®
Device Certificate is created and installed on the
printer automatically.
•
Install a copy of the CA certificate that was used to sign the device certificate of the printer on the
other device.
Protocols such as LDAP and IPsec require both devices to prove their identity to each other.