HP MFP Digital Sending Software (DSS) 5.0 - Security Features

Certificate Authorities create certificates. When an entity creates its own certificate, it is acting as its
own certificate authority, and the resulting certificate is called a self-signed certificate. When a third
party creates a certificate for another entity, that third party is a Certificate Authority (CA). VeriSign is
a well-known third-party Certificate Authority. Every certificate is signed by the CA that created it,
whether that CA is the entity itself (self-signed) or a third party.
Certificate Authorities are rarely a single server or entity. In fact, many companies have set up one or
more of their own public-key infrastructures to deal with public key distribution. Wikipedia defines a
public-key infrastructure as: “A public-key infrastructure (PKI) is a set of hardware, software, people,
policies, and procedures needed to create, manage, distribute, use, store and revoke digital
certificates”. For the very simplified explanation of SSL/TLS in this whitepaper we will assume that the
CA is just a simple single server. However, any instructions in this paper that refer to CAs or CA
certificates may have to be modified to take into account the actual PKI within which DSS
is operating.
Certificate Authorities create their own self-signed certificates, which contain the public key of the CA.
Since SSL/TLS clients get keys from servers, an important aspect of the security structure is helping the
client trust that the certificate it has been given really comes from the entity the client thinks it does,
and not from a fake entity that is trying to break its security.
As an example, let’s look at the certificates that DSS creates for itself on a DSS server when it is
installed.
To look at the certificates on a DSS server, the Microsoft Management Console (MMC) is used with the
Certificates snap-in. Follow these steps on the DSS server:
1. Start → Run → “mmc”
2. File → Add/Remove Snap-in
3. Choose “Certificates” and press the “Add” button
4. “Computer Account” → Next → “Local computer” → Finish
5. Press the “OK” button
6. In the tree view on the left panel, expand “Certificates (Local Computer) / Personal / Certificates”
7. There should be a certificate with the name <IP address> in the “Issued To” column and HP IPG
DSS CA <IP address> in the “Issued By” column
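The same store can be inspected from PowerShell, which also shows whether Windows trusts each certificate's issuer. This is an added example, not code from HP or from the original whitepaper; it assumes the DSS-created issuer name contains the text "HP IPG DSS CA", as in the “Issued By” column of step 7, and the function name Get-TrustSummary is made up for illustration.

```powershell
# Added example (not HP's code). Run in PowerShell on the DSS server.
# Assumption: the DSS-created issuer name contains "HP IPG DSS CA",
# matching the "Issued By" column described in step 7.
$issuerHint = 'HP IPG DSS CA'
$nameType   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

# Hypothetical helper: summarize one certificate and its trust status.
function Get-TrustSummary {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Build the chain against this machine's trust stores. Revocation lookups
    # are skipped so the check also works on a server without network access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Cert)
    $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [pscustomobject]@{
        IssuedTo      = $Cert.GetNameInfo($nameType, $false)   # "Issued To" column
        IssuedBy      = $Cert.GetNameInfo($nameType, $true)    # "Issued By" column
        SelfSigned    = ($Cert.Subject -eq $Cert.Issuer)       # subject names itself as signer
        IssuedByDssCa = ($Cert.Issuer -like "*$issuerHint*")   # name match only, not proof
        HasPrivateKey = $Cert.HasPrivateKey                    # key stays on the server
        Expires       = $Cert.NotAfter
        ChainTrusted  = $trusted
        ChainStatus   = $reasons                               # empty when the chain is clean
        Thumbprint    = $Cert.Thumbprint
    }
}

# Cert:\LocalMachine\My is "Certificates (Local Computer) / Personal" in MMC.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Get-TrustSummary -Cert $_ } |
    Format-List
```

A ChainStatus of UntrustedRoot means the chain ends in a self-signed CA certificate that is not in the machine's Trusted Root store; PartialChain means the issuer's certificate could not be found at all.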
See the screenshot below.
The highlighted certificate is the DSS certificate that holds its public key. (A certificate is not created for
the private key; the private key is not to be given out). DSS uses the IP address of the DSS server for