HomeWeb Management ToolCreating a certificate for this machine to communicate via SSL

Creating a certificate for this machine to communicate via SSL

Overview

Communication between this machine and the computer can be encrypted with SSL to enhance security.

A certificate for this machine is used for the SSL communication between the machine and the computer. As a certificate was registered on this machine upon shipment, you can only enable SSL/TLS on the machine to start the SSL encrypted communication immediately after setup.

This machine can manage multiple certificates and use different certificates depending on the application (protocol). You can self-create a new certificate or install a certificate issued by the Certificate Authority (CA).

The following shows how to use the certificate on this machine.

Usage

Description

Using the certificate registered upon shipment

The certificate that was registered on this machine upon shipment can be used as it is.

Using a self-created certificate

Create a certificate with this machine.

The Certificate Authority (CA) is not required for a self-created certificate, and it can be used simply after entering necessary information for creating the certificate.

Using a certificate issued by the Certificate Authority (CA)

Create certificate signing request data in this machine, and request a trusted Certificate Authority (CA) for issuing a certificate for the machine. When the data is returned from the Certificate Authority after its review, register the data with this machine.

  • You can also use a certificate exported from other device by importing it on this machine. For details, refer to Here.

  • For details on how to use different certificates depending on the application (protocol), refer to Here.

Using the certificate registered upon shipment

Select a login mode to enable SSL communication. Also select the SSL encryption strength.

In the administrator mode, select [Security] - [PKI Settings] - [SSL Setting], then configure the following settings.

Settings

Description

[Mode using SSL/TLS]

Select a mode to perform SSL communication.

  • [Admin. Mode]: Uses SSL communication in the administrator mode only.

  • [Admin. Mode and User Mode]: Uses SSL communication in both the administrator mode and user mode.

  • [None]: Does not use SSL communication.

[None] is specified by default.

[Encryption Strength]

Select the SSL encryption strength.

Select it according to your environment.

[AES-256, 3DES-168, RC4-128] is specified by default.

[SSL/TLS Version Setting]

Select the version of the SSL to be used. Select the file according to your environment.

Self-creating a certificate

Create a certificate with this machine. The Certificate Authority (CA) is not required for a self-created certificate, and it can be used simply after entering necessary information for creating the certificate.

  1. In the administrator mode, select [Security] - [PKI Settings] - [Device Certificate Setting] - [New Registration] - [Create and install a self-signed Certificate.], and enter information required for creating a certificate, then click [OK].

    The certificate is created and installed on this machine. It may take several minutes to create a certificate.

    Settings

    Description

    [Common Name]

    Displays the IP address of this machine.

    [Organization]

    Enter an organization or association name (using up to 63 ASCII characters).

    [Organizational Unit]

    Enter the organization unit name (using up to 63 ASCII characters).

    You can also specify a null.

    [Locality]

    Enter the locality name (using up to 127 ASCII characters).

    [State/Province]

    Enter the state or province name (using up to 127 ASCII characters).

    [Country]

    Enter the country name. As the country name, specify a country code defined in ISO03166 (using up to two ASCII characters).

    United States: US, Great Britain: GB, Italy: IT, Australia: AU, The Netherlands: NL, Canada: CA, Spain: ES, Czech Republic: CZ, China: CN, Denmark: DK, Germany: DE, Japan: JP, France: FR, Belgium: BE, Russia: RU

    [Admin. E-mail Address]

    Enter the E-mail address of the administrator of this machine (using up to 128 characters, excluding spaces).

    If the E-mail address of the administrator was already registered from [System Settings] - [Machine Setting] in the administrator mode, this field displays the registered E-mail address.

    [Validity Start Date]

    Displays the starting date of the certificate validity period.

    Displays the date and time of this machine when this screen is displayed.

    [Validity Period]

    Enter the validity period of a certificate with the number of days that have elapsed since the starting date.

    [Encryption Key Type]

    Select a type of encryption key.

  2. When the certificate has been installed, enable SSL communication.

    • For details, refer to Here.

Requesting the Certificate Authority for issuing a certificate

Create certificate signing request data in this machine, and request a trusted Certificate Authority (CA) for issuing a certificate for the machine. When the data is returned from the Certificate Authority after its review, register the data with this machine.

  1. In the administrator mode, select [Security] - [PKI Settings] - [Device Certificate Setting] - [New Registration] - [Request a Certificate], and enter information required for issuing a certificate, then click [OK].

    The certificate signing request data to be sent to the Certificate Authority is created.

    Settings

    Description

    [Common Name]

    Displays the IP address of this machine.

    [Organization]

    Enter an organization or association name (using up to 63 ASCII characters).

    [Organizational Unit]

    Enter the organization unit name (using up to 63 ASCII characters).

    You can also specify a null.

    [Locality]

    Enter the locality name (using up to 127 ASCII characters).

    [State/Province]

    Enter the state or province name (using up to 127 ASCII characters).

    [Country]

    Enter the country name. As the country name, specify a country code defined in ISO03166 (using up to two ASCII characters).

    United States: US, Great Britain: GB, Italy: IT, Australia: AU, The Netherlands: NL, Canada: CA, Spain: ES, Czech Republic: CZ, China: CN, Denmark: DK, Germany: DE, Japan: JP, France: FR, Belgium: BE, Russia: RU

    [Admin. E-mail Address]

    Enter the E-mail address of the administrator of this machine (using up to 128 characters, excluding spaces).

    If the E-mail address of the administrator was already registered from [System Settings] - [Machine Setting] in the administrator mode, this field displays the registered E-mail address.

    [Encryption Key Type]

    Select a type of encryption key.

  2. Click [Save].

    • Click this button to save certificate signing request data on your computer as a file.

  3. Send the certificate signing request data to the Certificate Authority.

    When the data is returned from the Certificate Authority after its review, register the data with this machine.

  4. In the administrator mode, select [Security] - [PKI Settings] - [Device Certificate Setting] - [Setting] - [Install a Certificate], and paste the text data sent from the Certificate Authority (CA), and then click [Install].

  5. When the certificate has been installed, enable SSL communication.

    • For details, refer to Here.