Encryption service overview, Types of encryption services available – Xerox 7245 User Manual
Security – SSL/TLS Encryption
Encryption Service Overview
Note: You may have to purchase the Security Kit option to enable encryption with your Device. If
you cannot generate a self-signed certificate, or enable SSL/TLS Communication, as stated under
Configuration of HTTP Communication Encryption, in this section, contact your Xerox Representative
to purchase the option.
Types of Encryption Services Available
The communication data between the machine and computers on a network can be encrypted.
Encryption for the machine, as described in this section, is set up using Internet Services. Internet
Services are a series of Web (HTML) Pages located within the Device enabling network communication
settings to be conveniently configured from a web browser running on a remotely located workstation.
For help with specific terminology as encryption is being set up on the machine, refer to the CentreWare
Internet Services online help.
Note that the quickest and easiest method of setting up initial HTTP communication encryption is to
generate a self-signed certificate (as stated under Configuration of HTTP Communication Encryption, in
this section). It is not the most “trusted” method, because a self-signed certificate is not issued by a
Certificate Authority that the client already trusts.
After at least one certificate has been created on the machine, the machine has been rebooted, and the
web browser has been refreshed, a Certificate Management hot link becomes available under the PKI
Settings folder on the Properties page of Internet Services. Use this link to manage all the
digital certificates, of various types, stored on the machine.
Encryption of HTTP Communications from a Client to the Machine (Server Certificate)
The SOAP port, Internet service (HTTP) port, IPP port, and WebDAV port use the HTTP server of the
machine.
The SSL/TLS suite of protocols is used in the encryption of HTTP communications from a client to the
machine. A user of a client workstation accesses the machine’s HTTP server by typing https://, followed
by the IP address of the machine, into the Address box of a web browser application. The machine then
offers the client a Digital Certificate, which the client accepts (after reviewing its validity). Upon
acceptance of the Digital Certificate, a Public Key exchange takes place, encryption algorithms are
agreed upon between the two parties, and the client uses the server’s Public Key to communicate with
the server using digitally signed and encrypted data.
Digital certificates imported from a Certificate Authority, or self-signed certificates created with
CentreWare Internet Services, can be used as SSL/TLS certificates on the machine’s HTTP server.
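One way to check from a workstation why a browser would warn about the machine's server certificate, for example when it is self-signed or when the machine is reached by IP address. This is an added example, not part of the Xerox manual; it assumes Python 3 and a device certificate exported as PEM, and the function names and sample values are hypothetical and constructed.

```python
import ipaddress
import socket
import ssl
import time


def fetch_cert(host, cafile, port=443):
    """Return the decoded certificate the device presents on its HTTPS port.

    cafile is the device certificate (or its CA root) exported as PEM, so the
    chain is still verified; name matching is left to audit_cert().
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()


def audit_cert(cert, address, now=None):
    """List the reasons a client would not trust this certificate as-is."""
    now = time.time() if now is None else now
    findings = []
    # Issuer equal to subject is the usual sign of a self-signed certificate.
    if cert.get("issuer") == cert.get("subject"):
        findings.append("self-signed: issuer equals subject")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")
    # Exact match only; wildcard DNS names are not expanded here.
    try:
        want = ("IP Address", str(ipaddress.ip_address(address)))
    except ValueError:
        want = ("DNS", address.lower())
    sans = cert.get("subjectAltName", ())
    if not any((kind, value.lower()) == want for kind, value in sans):
        findings.append("address %s not in subjectAltName" % address)
    return findings


# Constructed sample in getpeercert() format: a self-signed device certificate
# that names only a hostname, so access by IP address does not match it.
NAME = ((("commonName", "printer.example.test"),),)
SAMPLE = {
    "subject": NAME, "issuer": NAME,
    "notBefore": "Jan  1 00:00:00 2020 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
    "subjectAltName": (("DNS", "printer.example.test"),),
}
```
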
Encryption of HTTP Communications from the Machine to a Remote Server (Client Certificate)
The SSL/TLS suite of protocols is used to encrypt HTTP communications with a remote server.
No client certificate is typically required for this activity. However, if a remote server is set to require an
SSL client certificate, an SSL/TLS client certificate must be registered on the machine.
Digital certificates imported from a Certificate Authority can be used as SSL/TLS certificates on the
machine’s HTTP server.
Note: When Remote Server Certificate Validation is enabled, under SSL/TLS Settings in Internet
Services, the root certificate of the remote server must be registered to the machine (imported with
Internet Services) so that the remote server's digital certificate can be verified.