Security Guide 27Digital CertificatesSSL/TLS cannot be enabled unless a digital certificate has beeninstalled on the system, using the Add Certificate button. Installinga digital certificate can only be done by someone withadministrator privileges.The administrator selects SSL/TLS from the [Setup] Menu andclicks on the [Add Certificate] button. This invokes the AddCertificate wizard. There are two options regarding digitalcertificates. One option is “Self-signed certificate”. This is selectedwhen no third party Certificate Authority is being used.Another option is “Signed Certificate from a Certificate Authority”.In this case, the administrator needs to supply the fully qualifieddomain name, IP address, organization and country of theCertificate Authority.If the choice is to use a Certificate Authority, all Certificateinformation needs to be held in a file and sent to the CertificateAuthority. The Authority returns a valid certificate that must beinstalled on the system.NOTE: A self-signed certificate is not as secure as a certificatesigned by a Certificate Authority. A self-signed certificate is themost convenient way to begin using SSL/TLS and does notrequire the use of a server functioning as a Certificate Authority ora third party Certificate Authority.Once the Digital Certificate has been installed, the Enable SSL/TLS selection becomes available among the [Setup] options. Atthat time the administrator can select the mode of operation,Normal or Secure, from a drop-down menu.Network ProtocolThis section addresses Network Protocol, name service changesand the changes that occur when security is invoked.The table below addresses the list of Network Protocols that areused by the Xerox FreeFlow Print Server software or Xerox clientoperations.Table 2-7 Network ProtocolsNetworkProtocol RequiredSamba (SMB) Network sharing protocol required for Hot Folders and SMBfiling (Nuvera only).XSun Required for functionality of Xerox FreeFlow Print Serverdiagnostics software.