This topic contains the following instructions:
Create a CSR
Download a CSR
Send a CSR to CA
Upload the PRISMAsync Print Server Identity certificate
PRISMAsync Print Server printers need their Identity certificate when other parties want to verify the identity of the PRISMAsync Print Server printer.
A Certificate signing request (CSR) is a request to a CA to create and issue a signed Identity certificate. The CSR consists of several fields that need to be filled according to specific instructions.
To create a PRISMAsync Print Server Identity certificate, the system administrator must perform several tasks.
Create a CSR.
Download the CSR.
Send the CSR to a CA.
When the CA has issued the Identity certificate, upload the Identity certificate.
Certificate signing request (CSR)Go to: .
[Security] tabGo to the [Identity certificate] options.
Use the CSR fields to define the certificate details.
[Identity certificate] options|
CSR fields |
Description |
|---|---|
|
[Common name] |
Fully Qualified Domain Name. This name includes the Common Name (CN), such as www or mail. For example: www.canon.com or mail.canon.com. |
|
[Organization] |
Legal incorporated name of a company with suffixes such as: Ltd., Inc., Corp. |
|
[Organizational unit] |
For example: HR, Finance, IT. |
|
[Locality] |
For example: Venlo, London. |
|
[State or province] |
For example: Sussex, Normandy, New Jersey. Dot not use abbreviations. |
|
[Country or region] |
Two-letter X.500 Naming Scheme standard for the country where your organization is located. For example: GB, FR, US. |
|
[Email address] |
Email address to contact the organization. |
|
[Subject alternative name 1] |
Use the three fields as an extension to the X.509 standard. At least one of the three SAN fields must contain the Fully Qualified Domain Name which is the content of the [Common name] field. When you want to use this certificate to configure IEEE 802.1x network-based authentication, check the authentication method. |
|
[Key exchange technology] |
The options are a combination of digital signature algorithms and the key size.
|
NOTE
The .csr file reflects the current system configuration. If the printer has been re-installed, after the .csr file has been downloaded and before the .crt file has been uploaded, a new CSR must be created.
Click [Create request file] in the [Certificate signing request] option.
[Certificate signing request] optionDownload and store the .csr file.
The CA creates an Identity certificate according to CSR fields. The CA uses its private key to sign the Identity certificate. Then, the Identity certificate is returned so that the system administrator can upload it.
Send CSR to CAYou start this procedure after you received the signed Identity certificate (.crt file) from the CA.
Go to: .
[Security] tabGo to the [Identity certificate] options.
Click [Upload] in the [Identity certificate file] field.
[Upload] optionBrowse to the .crt file.
Click [OK].
The following PRISMAsync Print Server Identity certificate fields have been defined by the CA.
CA certificate fields|
Certificate fields |
Description |
|---|---|
|
[Valid for HTTPS] |
[Yes]: the identity certificate can be used for HTTPS and server authentication. |
|
[Valid for IPsec] |
[Yes]: the Identity certificate can be used for IPsec and client authentication. |
|
[Valid from] |
Start date of validity period. |
|
[Valid until] |
End date of validity period. |
NOTE
You cannot change a PRISMAsync Print Server Identity certificate and it is not possible to upload the same PRISMAsync Print Server Identity certificate a second time. When a new Identity certificate is required, a new CSR must be created.
A backup file with confidential data contains the Identity certificate. When the backup does not include confidential data, the Identity certificate is not restored.