Site Certificate VS Device Certificate

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • brett02
    Technician
    • Jul 2015
    • 12
    #1

    [Misc] Site Certificate VS Device Certificate

    Does anyone have any documentation on the difference for a Site Certification Vs Device Certification.

    I have a customer that wants to utilize SSL for remotely logging into the Web Image Monitor. They believe they need a device certificate and I am telling them they only need a site certificate.
    Tags: site certificate
    • rthonpm
      Field Supervisor

      2,500+ Posts
      • Aug 2007
      • 2847
      #2
      Re: Site Certificate VS Device Certificate

      A site certificate is what they're looking for if they just want SSL since the device can create a self-signed SSL certificate. The potential issue with that is depending on the age of the device, it may not be able to create a key strong enough to satisfy some browsers. As an example, I had a customer with an MP 171 that couldn't be accessed by Firefox or Chrome because the key exchange was considered too weak for a secure site (oversimplification for this description), but would work in IE 8.

      A device certificate is one that comes from a valid signing authority, usually a domain controller or server set with this as an assigned role. The certificate is requested from the device, created by the server, and then installed. The advantage is that with proper group policies, all computers will already be set to trust the cert. The downside is the amount of time it takes to set up the entire process of a domain CA.

      If the customer has an Active Directory CA in place, a device cert would be the way to go. If not, it may be better to just limit access to the web interface by an IP range or some other method rather than trusting a self-signed cert that may not completely work.

        Comment

        • brett02
          Technician
          • Jul 2015
          • 12
          #3
          Re: Site Certificate VS Device Certificate

          so to clarify they would need a Site Certificate from the Certificate authority and then a self signed Device Certificate?

          My thought was they could just get a Site Certificate and not need a device certificate ?

            Comment

            • slimslob
              Retired

              Site Contributor
              25,000+ Posts
              • May 2013
              • 37052
              #4
              Re: Site Certificate VS Device Certificate

              I believe that a cite certificate is generally is from an internet such as Equifax and is obtained for a Ricoh MFP by downloading it from the certificates on your browser to a folder and then installing it to the MFP from the folder using WIM. The Equifax Google Internet Authority is commonly used. Check the valid date range before downloading it. You may have to use Windows 8 for one that has not expired.

              A device certificate is specific to the device and used to communicate with a specific other device. An example is @Remote uses device certificates to identify individual machines.

                Comment

                Previous template Next
                Working...