Dell B3465dnf Mono Embedded Web Server -- Security Administrators Guide - Page 41

Appendix

Appendix A: CA file creation

Note:

This example of generation of a CA file for the Certificate Authority assumes usage of a Windows Certificate

Authority server.

1

Point the browser window to the CA. Make sure to use the URL, http//<CA’s address>/CertSrv, where

CA’s

address

is the IP address or host name of the CA server.

Note:

Before the CA Web page opens, a Windows login window may pop up and request user credentials to

verify that you have access to the CA Web page.

2

Click

Download a CA certificate, certificate chain, or CRL

.

3

Click

Base 64 encoded

, and then click

Download CA Certificate

.

Note:

DER encoding is not supported.

4

Save the certificate that is offered in a file. The file name is arbitrary, but the extension should be “.pem”.

Appendix B: CA

‑

Signed Device Certificate creation

Note:

This example of generation of a CA file for the Certificate Authority assumes usage of a Windows Certificate

Authority server.

1

Point the browser window to the CA. Make sure to use the URL, http//<CA’s address>/CertSrv, where

CA’s

address

is the IP address or host name of the CA server.

2

Click

Request a certificate

.

3

Click

advanced certificate request

.

4

Click

Submit a certificate request by using a base

‑

64

‑

encoded

.

5

Paste the (.csr prompted) information copied from the device into the Saved Request field, and then select a Web

Server

‑

type certificate template.

6

Click

Submit

.

Note:

The server takes a moment or two to process the request, and then presents a dialog window.

7

Select

Base 64 encoded

, and then click

Download Certificate

.

Note:

DER encoding is not supported.

8

Save the certificate that is offered in a file. The file name is arbitrary, but the extension should be “.pem”.

Appendix C: Automatic Certificate Enrollment Application

This application, after installation, will automatically create a device certificate signing request and pass the signing

request on to the Certificate authority (CA) for approval. It will then retrieve the CA signed device certificate, and then

install the certificate. The previous manual process is replaced by a simple process with only limited initial setup

required.

Appendix

41

Section	Page
Contents	2
Security devices covered in this guide	4
Simple security devices	4
Advanced security devices	4
Using security features in the Embedded Web Server	5
Understanding the basics	5
Authentication and Authorization	5
Groups	7
Access Controls	7
Security Templates	7
Limiting access with Basic Security Setup	8
Configuring building blocks	8
Creating a password for advanced security setup	8
Creating a password through Web Page Password Protect	9
Creating a PIN for advanced security setup	9
Creating a PIN through Panel PIN Protect	10
Setting up internal accounts	10
Connecting your printer to an Active Directory domain	11
Using LDAP	13
Using LDAP+GSSAPI	15
Configuring Kerberos 5 for use with LDAP+GSSAPI	17
Setting up a CA certificate monitor	19
Downloading the CA certificates immediately	19
Securing access	19
Setting a backup password	19
Setting login restrictions	20
Using a security template to control function access	20
Managing certificates and other settings	22
Installing a Certificate Authority certificate on the device	22
Configuring the device for certificate information	23
Creating a new certificate	24
Viewing, downloading, and deleting a certificate	24
Setting certificate defaults	25
Configuring confidential printing	25
Enabling and disabling USB devices	26
Erasing temporary data files from the hard disk	27
Configuring security audit log settings	27
Connecting the printer to a wireless network using the Embedded Web Server	29
Configuring 802.1X authentication	29
Setting up SNMP	31
Configuring the TCP/IP port access setting	32
Configuring IPsec settings	32
Enabling the security reset jumper	33
Securing the hard disk and other installed memory	33
Statement of Volatility	33
Erasing volatile memory	34
Erasing non-volatile memory	34
Configuring Out of Service Erase	35
Completely erasing printer hard disk memory	36
Configuring printer hard disk encryption	36
Scenarios	38
Scenario: Printer in a public place	38
Scenario: Standalone or small office	39
Scenario: Network running Active Directory	39
Appendix	41
Appendix A: CA file creation	41
Appendix B: CA-Signed Device Certificate creation	41
Appendix C: Automatic Certificate Enrollment Application	41
Appendix D: Access controls	43
Notices	46
Edition notice	46
GOVERNMENT END USERS	46
GifEncoder	46
ZXing 1.7	46
Apache License Version 2.0, January 2004	47
Glossary of Security Terms	50

Dell B3465dnf Mono Embedded Web Server -- Security Administrators Guide - Page 41

Appendix, Appendix A: CA file creation, Appendix B: CA-Signed Device Certificate creation, Appendix

Page 41 highlights