Table of Contents
Advertisement
Configuring Settings for Key Pairs and Digital
Certificates
In order to encrypt communication with a remote device, an encryption key must be sent and received over an
unsecured network beforehand. This problem is solved by public-key cryptography. Public-key cryptography ensures
secure communication by protecting valuable information from attacks, such as sniffing, spoofing, and tampering of
data as it flows over a network.
Key Pair
A key pair consists of a public key and a secret key, both of which are required for encrypting or
decrypting data. Data can be exchanged safely, because encrypted data cannot be decrypted
without the other key in a key pair. You can register up to five key pairs (
Pairs and Digital Certificates(P. 167) ). Key pairs can also be generated by the machine (
Generating Key Pairs(P. 160) ).
CA Certificate
Digital certificates including CA certificates are similar to other forms of identification, such as
driver's licenses. A digital certificate contains a digital signature, which enables the machine to
detect any spoofing or tampering of data. It is extremely difficult for third parties to abuse digital
certificates. Digital certificates (including public keys) that are issued by a certificate authority
(CA) are called CA certificates. You can register up to 67 CA certificates including the 62 that are
preinstalled (
◼
Key and Certificate Operating Requirements
Certificates for key pairs generated with the machine must conform to X.509v3. If you install a key pair or a CA
certificate from a computer, make sure that they meet the following requirements.
Format
Files extension
Public key algorithm
(and key length)
Certificate signature algorithm
Certificate thumbprint algorithm SHA1
*1
Requirements for the certificate contained in a key pair shall follow the operating conditions for CA certificates.
*2
Not supported when the operating system of the communication partner device is Windows 8/Server 2012. Depending on
the application of update programs, encrypted communication may also not be possible with other versions of Windows.
*3
SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.
Security
Using CA-issued Key Pairs and Digital Certificates(P. 167) ).
*1
●
Key pair: PKCS#12
●
CA certificate: X.509v1 or X.509v3, DER (encoded binary), PEM
●
Key pair: ".p12" or ".pfx"
●
CA certificate: ".cer"
*2
RSA (512 bits
, 1024 bits, 2048 bits, or 4096 bits)
SHA1-RSA, SHA256-RSA, SHA384-RSA
*3
SHA512-RSA
, MD5-RSA, MD2-RSA
*3
,
158
0YFA-035
Using CA-issued Key
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
