Xerox 1235/DX Printer User Manual


 
Basic Concepts
System Administrator Guide
4-3
About HTTP, HTTPS, and SSL/TLS
HTTP (Hyper Text Transfer Protocol) is the protocol used to communicate across the internet
between the printer web server and the web browser (clients). Because the data is transmitted
in plain text and passwords are only slightly encrypted, it is not secure; the data can be read or
intercepted by other people.
HTTPS (Secure Hyper Text Transfer Protocol) is a secure version of HTTP. HTTPS provides
authentication and encrypted communication to preserve the confidentiality of your data.
Instead of using plain text, HTTPS uses either the SSL (Secure Socket Layer) protocol or the
TLS (Transport Layer Security) protocol to encrypt data, thus ensuring reasonable protection
from eavesdroppers and man-in-the-middle attacks.
Before using HTTPS, you must set up a certificate and select when to use SSL to encrypt data.
You can set the printer to use SSL either to secure web pages that use passwords or to secure
all web pages.
See also:
About Certificates on page 4-3
Managing Certificates on page 4-6
Configuring SSL on page 4-7
About Certificates
A certificate is an electronic message containing information about the printer and a digital
signature.
Before configuring passwords, set up a certificate and then configure SSL to encrypt data
including passwords for maximum security. You can set up a self-signed certificate or
download a root-signed certificate, depending on your requirements.
Device Certificates:
A device certificate is stored in the printer and is used to validate the identity of the printer to
clients and network servers and to allow encrypted communication. If you do not install a
device certificate signed by a Certificate Authority (CA), a default self-signed device
certificate is automatically established on the printer when it is needed. A CA signed device
certificate is needed to log into the network when using 802.1X EAP authentication with TLS.
Self-Signed Certificates
Setting up a self-signed certificate is a quick and easy way to establish a certificate on the
printer. The printer automatically generates a default self-signed certificate when the printer is
turned on for the first time. To modify the certificate so it is specific to your printer, use
CentreWare IS to enter information about the location of the printer.
While self-signed certificates are safe for most applications and allow data encryption, they do
not ensure valid authentication. Self-signed certificates are not necessarily secure because the
certificate owner is only confirming his own identify instead of verification by a trusted third
party. Although self-signed certificates encrypt the data that is exchanged, they do not prevent
man-in-the-middle attacks.