Pki settings] - [external certificate, Pki settings] - [validate certificate – Konica Minolta bizhub C3350 User Manual
Page 36
[Applied Functions]
1-30
1.5
Available operations in Administrator mode
1
[PKI Settings] - [External Certificate]
To display: Administrator mode - [Security] - [PKI Settings] - [External Certificate]
Displays the list of external certificates registered on this machine.
Click [New Registration] to register a new external certificate to this machine.
[PKI Settings] - [Validate Certificate]
To display: Administrator mode - [Security] - [PKI Settings] - [Validate Certificate]
You can configure the settings for verifying reliability of the certificate (expiration date, CN, key usage, etc.)
for the peers.
[Certificate Verification
Settings]
To verify the certificate, select items to be verified.
If you select [Enable] at each item, the certificate is verified for each item.
•
[Validity Period]: Check whether or not the certificate is within the validity
period.
[Enable] is specified by default.
•
[CN]: Check whether or not CN (Common Name) of the certificate matches
the server address.
[Disable] is specified by default.
•
[Chain]: Check whether or not there is any problem in the certificate chain
(certificate path). The chain is validated by referencing the external certifi-
cates that are managed on this machine.
[Disable] is specified by default.
•
[Key Usage]: Check whether or not the certificate is used according to the
intended purpose approved by the certificate issuer.
[Disable] is specified by default.
•
[Check CRL Expiration]: Check whether or not the certificate has expired
with CRL (Certificate Revocation List).
[Disable] is specified by default.
•
[Check OCSP Expiration]: Check whether or not the certificate has expired
with the OCSP (Online Certificate Status Protocol) service.
[Disable] is specified by default.
[Device Certificate]
Select the certificate to be used.
Item
Description
Item
Description
[Certification Type]
Select a type of new external certificate to be registered.
•
[Trusted Root Certification Authorities]: Register the certificate of the CA
that issued the certificate.
•
[Trusted Intermediate Certification Authorities]: Register the trusted certifi-
cate of the intermediate CA.
•
[Trusted Certificate]: Register the trusted certificate individually.
•
[Untrusted Certificate]: Register the untrusted certificate individually.
[File]
Click [Browse], and specify the location of the external certificate to be regis-
tered.
Item
Description
[Certificate Verification
Settings]
Configure the certificate verification settings.
[Certificate Verifica-
tion]
Select whether or not to verify the reliability of the certificate for a peer.
[Enable] is specified by default.
[Timeout]
Change the time-out time of certificate expiration confirmation.
[30] sec. is specified by default.
[OCSP Service]
Select whether or not to use the OCSP service.
Using the Online Certificate Status Protocol (OCSP) service, you can check on-
line to find whether or not the certificate has expired.
[Disable] is specified by default.
[URL]
To use the OCSP service, enter the URL of the OCSP service (using up to 511
bytes).
If [URL] is left blank, the URL of the OCSP service embedded in the certificate
will be used.