Xerox SmartSend Support & Software User Guide
SMARTsend Security
SMARTsend
Installation and Administration Guide
191
HTTPS/SSL Certificates
SMARTsend provides options to configure the web site for secure password entry and secure data
transmission. These options are based on the HTTPS and SSL (Secure Socket Layer) protocols provided
by the Windows operating system.
transmission. These options are based on the HTTPS and SSL (Secure Socket Layer) protocols provided
by the Windows operating system.
HTTPS/SSL provides the following:
•
•
Confidentiality—Encrypted information is exchanged between clients and servers over a secure
connection.
connection.
•
Integrity—The integrity of message content exchanged between client and server is verified.
HTTPS requires the usage of Secure Server Certificates (SSL certificates). For instructions on how to
obtain and install an SSL certificate for the SMARTsend computer, refer to
obtain and install an SSL certificate for the SMARTsend computer, refer to
.
SMARTsend makes the use of security certificates optional to accommodate installations where other
security measures are employed or where security is not a concern. When a security certificate is
installed on the SMARTsend computer, it will provide secure password entry when users access
SMARTsend. Furthermore, if the
security measures are employed or where security is not a concern. When a security certificate is
installed on the SMARTsend computer, it will provide secure password entry when users access
SMARTsend. Furthermore, if the
Require Secure Channel (SSL) option and the security certificate are
properly configured on the SMARTsend computer, all data transfer between SMARTsend users and
devices will be encrypted.
devices will be encrypted.
For more information, visit Microsoft on the web at:
Secure Password Entry
When the secure password entry option is configured in SMARTsend, the HTTPS transmission protocol
is used to transmit user credentials and passwords securely across the network. When this option is not
selected, passwords are sent in clear text across the network and are vulnerable to security issues. See
is used to transmit user credentials and passwords securely across the network. When this option is not
selected, passwords are sent in clear text across the network and are vulnerable to security issues. See
on page 193 for additional information.
Secure Web Site Configuration
The SMARTsend computer can also be configured to require the use of SSL for all communication and
data transfer. This involves manual configuration of the IIS (Internet Information Services) Directory
Security properties using Microsoft Management Console. This is performed on the computer after
SMARTsend and an SSL Certificate have been installed.
data transfer. This involves manual configuration of the IIS (Internet Information Services) Directory
Security properties using Microsoft Management Console. This is performed on the computer after
SMARTsend and an SSL Certificate have been installed.
Note:
Certificates establish identity and trusts for the secure exchange of information.
Certificate authorities can issue certificates to users, devices and services. SMARTsend will
not be able to function properly under SSL if the Host Name on the certificate does not
match the fully qualified computer name, or if the certificate has expired.
not be able to function properly under SSL if the Host Name on the certificate does not
match the fully qualified computer name, or if the certificate has expired.