Xerox® Security Guide for Office Class Products: AltaLink® VersaLink® November 2018 Page 15

Public Key Encryption (PKI)

A digital certificate is a file that contains data used to verify the identity of the client or server in a network transaction. A certificate also contains a public key used to create and verify digital signatures. To prove identity to another product, a product presents a certificate trusted by the other product. The product can also present a certificate signed by a trusted third party and a digital signature proving that it owns the certificate.

A digital certificate includes the following data:
• Information about the owner of the certificate
• The certificate serial number and expiration date
• The name and digital signature of the certificate authority (CA) that issued the certificate
• A public key
• A purpose defining how the certificate and public key can be used

There are four types of certificates:
• A Product Certificate is a certificate for which the printer has a private key. The purpose specified in the certificate allows it to be used to prove identity.
• A CA Certificate is a certificate with authority to sign other certificates.
• A Trusted Certificate is a self-signed certificate from another product that you want to trust.
• A domain controller certificate is a self-signed certificate for a domain controller in your network. Domain controller certificates are used to verify the identity of a user when the user logs in to the product using a Smart Card.

For protocols such as HTTPS, the printer is the server, and must prove its identity to the client Web browser. For protocols such as 802.1X, the printer is the client, and must prove its identity to the authentication server, typically a RADIUS server.

Device Certificates

AltaLink® and VersaLink® products support both CA signed and self-signed certificates. Product certificates support a bit length of up to 2048 bits.

A CA signed certificate can be created by generating a Certificate Signing Request (CSR), and sending it to a CA or a local server functioning as a CA to sign the CSR. An example of a server functioning as a certificate authority is Windows Server 2008 running Certificate Services. When the CA returns the signed certificate, install it on the printer.

Alternatively, a self-signed certificate may be created. When you create a Product Certificate, the product generates a certificate, signs it, and creates a public key used in SSL/TLS encryption.

| Device Certificates | AltaLink® Multifunction | VersaLink® Multifunction | VersaLink® Printers |
|---|---|---|---|
| Models | B8045, B8055, B8065, B8075, B8090, C8030, C8035, C8045, C8055, C8070 | B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 | B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 |
| Certificate Length | 1024, 2048 | 1024, 2048 | 1024, 2048 |
| Supported Hashes | SHA1, SHA256 | SHA256, SHA384, SHA512 | SHA256, SHA384, SHA512 |
| Product Web Server | Supported | Supported | Supported |
| IPPS (TLS) Printing | Supported | Supported | Supported |
| 802.1X Client | Supported | Supported | Supported |
| Email Signing | Supported | Supported | (Not Applicable) |
| Email Encryption | Supported | Supported | (Not Applicable) |
| OCSP Signing | Supported | Supported | Supported |
| IPSec | Supported | (Not currently supported) | (Not currently supported) |
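
The following is an added example, not part of the Xerox guide and not Xerox code: a shell audit that checks a device certificate file against the Certificate Length and Supported Hashes rows of the table above, using the openssl command line. The function names and the family labels "altalink" and "versalink" are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Xerox code. Function names and the family labels
# "altalink" / "versalink" are assumptions of this example.

# RSA key size in bits, e.g. 2048
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Signature hash in lower case, e.g. sha256 (from "sha256WithRSAEncryption")
cert_sig_hash() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *\(sha[0-9]*\)With.*/\1/p' | head -n 1
}

# Succeeds when subject equals issuer (a name match; signature not verified)
cert_is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

# audit_cert FILE FAMILY: returns 0 only if key length and hash fit the table
audit_cert() {
    bits=$(cert_key_bits "$1"); hash=$(cert_sig_hash "$1"); rc=0
    case "$2" in
        altalink)  allowed="sha1 sha256" ;;
        versalink) allowed="sha256 sha384 sha512" ;;
        *) echo "unknown family: $2" >&2; return 2 ;;
    esac
    case "$bits" in
        2048) ;;
        1024) echo "WARN: 1024-bit key; the table also lists 2048" ;;
        *) echo "FAIL: key length '$bits' is not 1024 or 2048"; rc=1 ;;
    esac
    case " $allowed " in
        *" $hash "*) if [ "$hash" = sha1 ]; then
                         echo "WARN: SHA1; SHA256 is listed for every family"; fi ;;
        *) echo "FAIL: hash '$hash' is not listed for $2 ($allowed)"; rc=1 ;;
    esac
    if cert_is_self_issued "$1"; then echo "INFO: subject equals issuer (self-signed)"; fi
    if ! openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null; then
        echo "WARN: expires within 30 days"
    fi
    return $rc
}

# Stand-alone use: sh audit.sh cert.pem versalink
if [ "$#" -ge 2 ]; then audit_cert "$1" "$2"; fi
```

To audit what a device presents on its web server, first save the certificate with `openssl s_client -connect HOST:443 </dev/null | openssl x509 -out cert.pem`, where HOST is a placeholder for the printer's address.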