Lexmark 47B1000 Printer User Manual


 
Domain—This is the card domain that should be mapped to the specified realm. This is the principal name used
on the card and should be listed by itself, followed by a comma, a period, and then the principal name again.
This value is case-sensitive and usually appears in lowercase. Multiple values can be entered, separated by
commas.
Example: If a U.S. DoD Common Access Card uses “123456789@mil” to identify a user, then “mil” is the principal
name. In this case, you would enter the domain as mil,.mil.
Timeout—This is the amount of time the MFP should wait for a response from the domain controller before
moving to the next one in the list.
11 If users are allowed to log in manually, then provide at least one Manual Login Domain (a Windows Domain Name)
to choose from when logging in. Multiple domains can be entered, separated by commas.
12 Select a DC Validation Mode for validating the domain controller certificate when users log into the MFP:
Device Certificate Validation—This is the most common method. The certificate of the CA that issued the
domain controller certificate must also be installed on the MFP.
Device Chain Validation—The entire certificate chain, from the domain controller to the root CA, must be
installed on the MFP.
OCSP Validation—The entire certificate chain, from the domain controller to the root CA, must be installed on
the MFP, and Online Certificate Status Protocol (OCSP) settings must be configured.
13 If you selected OCSP Validation, then configure the following:
Responder URL—This is the IP address or host name of an OCSP responder/repeater, along with the port being
used (usually 80). The correct format is “http://ip_address:port_number” (http://255.255.255.0:80). Multiple
values can be entered, separated by commas. They will be tried in the order listed.
Responder Certificate—Browse to locate the X.509 certificate for the responder.
Responder Timeout—This is the amount of time the MFP should wait for a response from the OCSP Responder
before moving to the next one in the list.
Unknown Status is Valid—Select this check box to allow a user to log in even if the OCSP response indicates
that the certificate status is unknown.
14 In the User Session and Access Control section, verify that the Share Session with LDD check box is not selected.
15 If DNS is not enabled on the network, or if some servers are multihomed, then under Advanced Settings, click
Browse to locate a Hosts File with host name–IP address mappings.
16 Select the Wait for Active Network check box to display Waiting for network on the touch screen after the
MFP is turned on. This message disappears when the network becomes available.
17 Click Apply.
Note: You must install at least one Certificate Authority (CA) certificate for PKI Authentication to work. For more
information on uploading a CA certificate, see “Creating and modifying digital certificates” on page 15.
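
The following added example is not from the Lexmark manual: a Python check for the Domain and OCSP Responder URL values described above, run before they are entered on the MFP. The pairing rule (name, then .name), the function names, and the sample addresses are assumptions read from this page's description, not Lexmark firmware behavior.

```python
from urllib.parse import urlsplit

def parse_domain_setting(value):
    """Split a Domain setting such as 'mil,.mil' into its principal names.

    Assumes the page's rule: each principal name is listed by itself, then
    again with a leading period. Raises ValueError on anything else.
    """
    parts = [p.strip() for p in value.split(",")]
    if len(parts) % 2:
        raise ValueError("expected name,.name pairs: %r" % value)
    names = []
    for bare, dotted in zip(parts[0::2], parts[1::2]):
        if not bare or dotted != "." + bare:
            raise ValueError("%r is not followed by %r" % (bare, "." + bare))
        names.append(bare)
    return names

def card_domain_is_mapped(card_principal, domain_setting):
    """Case-sensitive check that the card's domain part is in the setting."""
    _, sep, domain = card_principal.rpartition("@")
    return bool(sep) and domain in parse_domain_setting(domain_setting)

def check_responder_urls(value):
    """Return (urls in the order they will be tried, list of problems)."""
    urls, problems = [], []
    for raw in (u.strip() for u in value.split(",")):
        parts = urlsplit(raw)
        try:
            port = parts.port          # raises ValueError on a bad port
        except ValueError:
            port = None
        if parts.scheme != "http" or not parts.hostname or port is None:
            problems.append("not http://host:port: %r" % raw)
        else:
            urls.append(raw)
    return urls, problems

def review_ocsp(responder_urls, unknown_status_is_valid):
    """Collect findings for the OCSP settings before they go on the MFP."""
    urls, findings = check_responder_urls(responder_urls)
    if not urls:
        findings.append("no usable responder URL")
    if unknown_status_is_valid:
        # Selecting this box lets a certificate of unknown status log in.
        findings.append("fail-open: 'unknown' OCSP status will allow login")
    return findings
```

A card principal of 123456789@MIL fails against the setting mil,.mil here because the comparison is case-sensitive, which is the mismatch to look for when card logins are rejected.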