Managing Key Pairs and Digital Certificates


The machine can take advantage of key pairs and digital certificates for security purposes, such as IEEE802.1X port-based authentication. After key pairs and digital certificates are installed in the machine, register them for use as described below.

The key pairs and digital certificates registered in the machine are divided into the following types:

  • Key and Certificate

In IEEE802.1X port-based authentication, a key pair (or a private key and certificate) in PKCS#12 format is required for enabling the EAP-TLS method on the client device. Up to three key pairs can be registered.

  • CA Certificate

CA certificates are used for verifying the digital certificates sent from other devices, such as servers and client computers. Up to 10 CA certificates (including the pre-installed CA certificate) can be registered.


Remark
  • Certificates must meet the following requirements:
    - Format: X.509 version 1 or version 3 (DER encoded binary)
    - Signature algorithm: SHA1-RSA, MD5-RSA, or MD2-RSA (For CA certificates, SHA1-DSA is also allowed.)
    - Key length: 512 bits or 1024 bits (RSA)/2048 bits (DSA)
    - File extension: ‘.p12’ (for key pair files)/‘.cer’ (for CA certificate files)
  • The machine does not use a certificate revocation list (CRL) for verifying digital certificates.
  • Self-signed certificates are not supported.
  • Key pairs and digital certificates can be installed only from the Remote UI. For details on how to access the Remote UI, see "Starting the Remote UI."
  • Key pairs and digital certificates can be registered both with the control panel and from the Remote UI.
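
A certificate file can be checked against the requirements listed above before it is uploaded. The following is an added example, not part of the machine's documentation or software: `tlvs` and `check_cert` are hypothetical names, the key lengths are read as 512 or 1024 bits for RSA and 2048 bits for DSA, and the certificate's signature is not verified. It assumes the self-signed restriction applies to non-CA certificates only and approximates it by comparing the issuer and subject names.

```python
# DER-encoded OIDs for the signature algorithms and key types the page lists.
PKCS1 = bytes.fromhex("2a864886f70d0101")  # 1.2.840.113549.1.1.*
SIG_ALGS = {PKCS1 + b"\x05": "SHA1-RSA", PKCS1 + b"\x04": "MD5-RSA",
            PKCS1 + b"\x02": "MD2-RSA", bytes.fromhex("2a8648ce380403"): "SHA1-DSA"}
RSA_KEY, DSA_KEY = PKCS1 + b"\x01", bytes.fromhex("2a8648ce380401")

def tlvs(buf):
    """Split DER bytes into a list of (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def check_cert(der, is_ca=False):
    """Return failed requirements for DER bytes, e.g. open(path, "rb").read()."""
    try:
        (tag, cert), = tlvs(der)
        if tag != 0x30:
            raise ValueError("outer element is not a SEQUENCE")
        tbs, sig_oid = tlvs(cert)[0][1], tlvs(tlvs(cert)[1][1])[0][1]
        fields, version = tlvs(tbs), 1
        if fields[0][0] == 0xA0:  # explicit version field; omitted for v1
            version = int.from_bytes(tlvs(fields[0][1])[0][1], "big") + 1
            fields = fields[1:]
        issuer, subject, spki = fields[2][1], fields[4][1], tlvs(fields[5][1])
        key_alg, number, allowed = tlvs(spki[0][1]), b"", ()
        if key_alg[0][1] == RSA_KEY:    # modulus, inside the BIT STRING
            number, allowed = tlvs(tlvs(spki[1][1][1:])[0][1])[0][1], (512, 1024)
        elif key_alg[0][1] == DSA_KEY:  # prime p, in the algorithm parameters
            number, allowed = tlvs(key_alg[1][1])[0][1], (2048,)
    except (ValueError, IndexError):
        return ["not DER-encoded X.509 (convert PEM text to DER first)"]
    problems, bits = [], int.from_bytes(number, "big").bit_length()
    if version not in (1, 3):
        problems.append(f"X.509 version {version}, need 1 or 3")
    if sig_oid not in SIG_ALGS or (SIG_ALGS[sig_oid] == "SHA1-DSA" and not is_ca):
        problems.append("signature algorithm not accepted")
    if bits not in allowed:
        problems.append(f"key type or length not accepted ({bits} bits)")
    # Assumption: the self-signed rule is applied to non-CA certificates only
    # and approximated by comparing the issuer and subject names.
    if not is_ca and issuer == subject:
        problems.append("issuer equals subject (self-signed)")
    return problems
```

Pass `is_ca=True` for a ‘.cer’ CA certificate file; an empty list means none of the checked requirements failed.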