HP MFP Digital Sending Software (DSS) 5.0 - Security Features

b. A check to see if the name associated with the certificate exactly matches the name that
entity 1 used to contact entity 2. For example, if entity 1 contacted entity 2 using entity 2's IP
address, entity 1 would expect that IP address to be one of the names in entity 2's
certificate. (Certificates have a primary name known as the common name or CN, and
can also have alternate names stored in the SAN (Subject Alternative Name) part of the
certificate.)
c. There are additional checks that won't be detailed here.
6. The SSL / TLS session continues because Entity 1 trusts the certificate it got from Entity 2.
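
The name check in step b can be illustrated with a short Python sketch. This is an added example, not code from DSS or Windows; it assumes the certificate is given as a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, treats the CN and SAN entries alike as the text describes, and does exact matching only (no wildcard handling). The sample certificate and names are constructed.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.test"),),),
    "subjectAltName": (
        ("DNS", "mail.example.test"),
        ("DNS", "smtp.example.test"),
        ("IP Address", "192.0.2.25"),
    ),
}


def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def certificate_names(cert):
    """Collect the CN and every SAN entry as (kind, value) pairs."""
    names = []
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(("CN", value))
    for kind, value in cert.get("subjectAltName", ()):
        names.append((kind, value))
    return names


def name_matches(cert, contacted_as):
    """True if the name used to reach the server is one of the certificate's names."""
    target_ip = _as_ip(contacted_as)
    for kind, value in certificate_names(cert):
        if target_ip is not None:
            # Contacted by address: compare parsed addresses so that
            # equivalent IPv6 spellings still match.
            if kind in ("IP Address", "CN") and _as_ip(value) == target_ip:
                return True
        elif kind in ("DNS", "CN"):
            # Contacted by host name: exact, case-insensitive comparison.
            if value.lower().rstrip(".") == contacted_as.lower().rstrip("."):
                return True
    return False
```

A server reached by IP address passes this check only if that address is itself listed in the certificate; a certificate that carries only host names fails it even though it belongs to the right machine.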

Note that the above session only succeeds because entity 1 did some work before it started the
communication with entity 2. When server certificate validation is on, clients will only be able to
communicate with servers when the server certificate is signed by a CA in the client's Trusted Root
Certification Authorities store. Therefore, putting a CA certificate into the Trusted Root Certification
Authorities store is a big deal and forms the backbone of trust that allows secure communication.

Certificates can be imported in Windows using the same mmc plug-in we used before to view the DSS
certificates. Highlight the store into which you want to import a certificate, then under the Action menu
choose All Tasks and then Import… to start the import process.

Where you obtain a CA certificate to import into the Trusted Root Certification Authorities store
depends on the CA. Some large public CAs make these publicly available. If you need to obtain the CA
certificate from a smaller entity, you will have to find and follow the CA's documentation for obtaining
their certificate.

In DSS, server certificate validation is off by default. The UI to enable and configure server certificate
validation is found on the Configuration Utility's Security tab.