13 Security - Encryption/Digital Signature

This chapter describes how to configure the encryption and digital signature features for the machine.

The following information is provided:

Types of Encryption/Digital Signature Services Available
Configuration of HTTPS (SSL/TLS) Communication Encryption
Configuration of E-mail Encryption/Digital Signature
Configuration of Scan File Signatures (PDF/XPS Documents)
Configuration of IPsec

NOTE: Some of the features described in this chapter are optional, and may not apply to your machine configuration.

Types of Encryption/Digital Signature Services Available

The communication data between the machine and computers on a network can be encrypted.

Encryption for the machine, as described in this chapter, is set up using CentreWare Internet Services.

NOTE: For details on CentreWare Internet Services, refer to CentreWare Internet Services on page 147.

The quickest and easiest, although not the most reliable, method to use to set up initial HTTP communication encryption is the generation of a self-signed certificate (as stated under Configuration of HTTPS (SSL/TLS) Communication Encryption on page 298).

To manage digital certificates stored in the machine, click [Machine Digital Certificate Management] in the [Security] folder on the [Properties] page of CentreWare Internet Services.

Encryption of HTTP Communications from a Client to the Machine (Server Certificate)

The SOAP port, Internet service (HTTP) port, IPP port, and WebDAV port use the HTTP server of the machine.

The SSL/TLS suite of protocols is used in the encryption of HTTP communications from a client to the machine. A user of a client computer accesses the machine’s HTTP server by typing “https://”, followed by the Internet address of the machine, into the [Address] box of a web browser application. The machine then offers the client a Digital Certificate, which the client accepts (after reviewing the validity of same). Upon acceptance of the Digital Certificate, a Public Key exchange takes place, encryption algorithms are agreed upon between the two parties, and the client uses the server’s Public Key to communicate with the server using digitally signed and encrypted data.

Digital certificates imported from a Certificate Authority, or self-signed certificates created with CentreWare Internet Services, can be used as SSL/TLS certificates on the machine’s HTTP server.
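As an added example (not part of this guide or of CentreWare Internet Services), the Python sketch below shows how an administrator could check from a client whether the certificate presented by the machine's HTTP server is self-issued or was issued by a Certificate Authority, by comparing the issuer and subject names in the certificate. All function names are hypothetical, and `sample_cert` builds a constructed certificate skeleton so the check can be run offline.

```python
import ssl

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER encodings of the issuer and subject Names."""
    _, pos, _ = _tlv(der, 0)                   # Certificate SEQUENCE
    _, pos, tbs_end = _tlv(der, pos)           # TBSCertificate SEQUENCE
    fields = []
    while pos < tbs_end:
        tag, _, end = _tlv(der, pos)
        fields.append((tag, der[pos:end]))
        pos = end
    if fields and fields[0][0] == 0xA0:        # optional [0] version
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("not an X.509 certificate")
    # Remaining order: serial, signature algorithm, issuer, validity, subject
    return fields[2][1], fields[4][1]

def is_self_issued(der):
    """True when issuer == subject (name match only; signature not verified)."""
    issuer, subject = issuer_and_subject(der)
    return issuer == subject

def fetch_der(host, port=443):
    """Fetch the server certificate without validating it (inspection only)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def _enc(tag, body):                           # minimal DER encoder for the sample
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(issuer_cn, subject_cn):        # constructed skeleton, no real signature
    def name(cn):
        return _enc(0x30, _enc(0x31, _enc(0x30, _enc(0x06, b"\x55\x04\x03") + _enc(0x0C, cn.encode()))))
    tbs = _enc(0x30, _enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, b"\x01") + _enc(0x30, b"")
               + name(issuer_cn) + _enc(0x30, b"") + name(subject_cn))
    return _enc(0x30, tbs + _enc(0x30, b"") + _enc(0x03, b"\x00"))
```

Against a live machine, `is_self_issued(fetch_der(address))` reports whether its HTTPS certificate is self-issued; a `True` result means clients cannot validate it against a CA and must trust that certificate individually.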