Lexmark X782e PKI-Enabled Pre-Installation Guide - Page 16

Certificate / Certificate Chain


PKI Pre-Installation Guide, Version 2.0.0, Page 12

MFP Chain Validation
The PKI Authentication Application gets the certificate contained in the Domain Controller’s response to build the complete certificate chain to a trusted Root CA. All certificates in this chain must have been previously installed on the MFP. If the chain can be successfully built, the response is considered trusted and the logon proceeds. If the chain cannot be built, the logon will fail.

OCSP Certificate Validation
The PKI Authentication Application gets the certificate contained in the Domain Controller’s response and performs the same validation as in the MFP Certificate Validation mode. If that succeeds, it then uses an OCSP Responder/Repeater (such as Tumbleweed) to validate the Domain Controller certificate has not been revoked or otherwise marked as invalid. If that succeeds, the logon proceeds; otherwise, it fails.

OCSP Chain Validation
The PKI Authentication Application gets the certificate contained in the Domain Controller’s response and performs the same validation as in the MFP Chain Validation mode. If that succeeds, it then uses an OCSP Responder/Repeater (such as Tumbleweed) to validate that none of the certificates in the certificate chain have been revoked or otherwise marked as invalid. If that succeeds for each certificate in the chain, the logon proceeds; otherwise, it fails.

The configuration information needed varies according to the Domain Controller Validation method selected. Check the box below to indicate the desired method.

□ MFP Certificate Validation
□ MFP Chain Validation
□ OCSP Certificate Validation
□ OCSP Chain Validation

If MFP Certificate Validation or OCSP Certificate Validation is chosen, the certificate of each CA that issued each Domain Controller certificate listed in item 1 in section 3.2.2 must be installed on the device. If MFP Chain Validation or OCSP Chain Validation is chosen, the certificate chain for each Domain Controller listed in item 1 in section 3.2.2 must be installed on the device. Each certificate needs to be in PEM (Base64) format; see section 7.5, Domain Controller Certificates, for more information on generating the certificate file.

Certificate / Certificate Chain: Please have file ready at install time.
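
A pre-install completeness check for the PEM file requested above, as an added example that is not part of the Lexmark guide or the PKI Authentication Application. It walks issuer-to-subject links from a Domain Controller certificate to a self-issued root by byte-exact name match only; it does not verify signatures, validity dates or revocation. The function names and the sample certificates are assumptions constructed for the illustration.

```python
import base64, re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(cert_der):
    """Return (issuer, subject) as raw DER Name bytes of one certificate."""
    _, pos, _ = tlv(cert_der, 0)           # Certificate SEQUENCE
    _, pos, tbs_end = tlv(cert_der, pos)   # tbsCertificate SEQUENCE
    fields = []
    while pos < tbs_end:
        tag, _, end = tlv(cert_der, pos)
        fields.append((tag, cert_der[pos:end]))
        pos = end
    if fields[0][0] == 0xA0:               # optional [0] version
        fields.pop(0)
    return fields[2][1], fields[4][1]      # serial, sigAlg, issuer, validity, subject

def chain_complete(dc_pem, installed_pem):
    """True if issuer->subject links lead from the DC cert to a self-issued root."""
    load = lambda pem: [names(base64.b64decode(b)) for b in PEM_RE.findall(pem)]
    by_subject = {subject: issuer for issuer, subject in load(installed_pem)}
    issuer, seen = load(dc_pem)[0][0], set()
    while issuer in by_subject and issuer not in seen:
        seen.add(issuer)
        if by_subject[issuer] == issuer:   # self-issued root reached
            return True
        issuer = by_subject[issuer]
    return False                           # a link is missing from the installed set

# --- constructed sample data: unsigned certificate skeletons, not real credentials ---
def der(tag, body=b""):
    return bytes([tag, len(body)]) + body  # short-form lengths only (< 128 bytes)

def sample_pem(subject_cn, issuer_cn):
    name = lambda cn: der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30)
              + name(issuer_cn) + der(0x30) + name(subject_cn))
    body = base64.encodebytes(der(0x30, tbs + der(0x30) + der(0x03, b"\x00"))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

ROOT, ISSUING = sample_pem("Sample Root CA", "Sample Root CA"), sample_pem("Sample Issuing CA", "Sample Root CA")
DC = sample_pem("dc01.example.test", "Sample Issuing CA")
```

With the constructed samples, chain_complete(DC, ROOT + ISSUING) is True, while leaving either the issuing CA or the root out of the installed set returns False, which corresponds to the case where the chain cannot be built and the logon fails.
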

If one of the OCSP validation options is selected, the following information is needed about the OCSP Responder/Repeater to be used.