30513 Security - Encryption/Digital SignatureThis chapter describes how to configure the encryption and digital signature featuresfor the machine.The following information is provided:Types of Encryption/Digital Signature Services Available – page 305Configuration of HTTPS (SSL/TLS) Communication Encryption – page 306Configuration of E-mail Encryption/Digital Signature – page 308Configuration of Scan File Signatures (PDF/XPS Documents) – page 311Configuration of IPsec – page 313NOTE: Some of the features described in this chapter are optional, and may not applyto your machine configuration.Types of Encryption/Digital Signature Services AvailableThe communication data between the machine and computers on a network can beencrypted.Encryption for the machine, as described in this chapter, is set up using CentreWareInternet Services.NOTE: For details on CentreWare Internet Services, refer toCentreWare InternetServices on page 149.The quickest and easiest, although not the most reliable, method to use to set up initialHTTP communication encryption is the generation of a self-signed certificate (as statedunderConfiguration of HTTPS (SSL/TLS) Communication Encryption on page 306).To manage digital certificates stored in the machine, click [Machine Digital CertificateManagement] in the [Security] folder on the [Properties] page of CentreWare InternetServices.Encryption of HTTP Communications from a Client to the Machine (Server Certificate)The SOAP port, Internet service (HTTP) port, IPP port, and WebDAV port use theHTTP server of the machine.The SSL/TLS suite of protocols is used in the encryption of HTTP communications froma client to the machine. A user of a client computer accesses the machine’s HTTPserver by typing “https://”, followed by the Internet address of the machine, into the[Address] box of a web browser application. The machine then offers the client a DigitalCertificate, which the client accepts (after reviewing the validity of same). Uponacceptance of the Digital Certificate, a Public Key exchange takes place, encryptionalgorithms are agreed upon between the two parties, and the client uses the server’sPublic Key to communicate with the server using digitally signed and encrypted data.Digital certificates imported from a Certificate Authority, or self-signed certificatescreated with CentreWare Internet Services, can be used as SSL/TLS certificates on themachine’s HTTP server.