Loading ...
Loading ...
Loading ...
● IPSec supports communication to a unicast addr
ess (or a single device).
● The machine cannot use both IPSec and DHCPv6 at the same time.
◼ Registr
ation of Keys and Certicates
● If you install a key or CA certicate from a computer, make sure that they meet the following requirements:
Format
● Ke
y: PKCS#12
*1
● CA certicate: X.509 DER/PEM
File extension
● Key: ".p12" or ".pfx"
● CA certicate: ".cer" or ".pem"
Public key algorithm
(and key length)
● RSA (512 bits, 1024 bits, 2048 bits, 4096 bits)
● DSA (1024 bits, 2048 bits, 3072 bits)
● ECDSA (P256, P384, P521)
Certicate signatur
e algorithm
● RSA: SHA-1, SHA-256, SHA-384
*2
, SHA-512
*2
, MD2, MD5
● DSA: SHA-1
● ECDSA: SHA-1, SHA-256, SHA-384, SHA-512
Certicate thumbprint algorithm SHA1
*1
Requir
ements for the certicate contained in a key are pursuant to CA certicates.
*2
SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.
● The machine does not support use of a certicate r
evocation list (CRL).
◼ Denition of "
Weak Encryption"
When <Prohibit Use of Weak Encrypt.> is set to <On>, the use of the following algorithms is prohibited.
Hash: MD4, MD5, SHA-1
HMAC: HMAC-MD5
Common key cryptosystem: RC2, RC4, DES
Public key cryptosystem:
RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024
bits), DH (512 bits/1024 bits)
● Even when <Pr
ohibit Weak Encryp. Key/Cert.> is set to <On>, the hash algorithm SHA-1, which is used for
signing a root certicate, can be used.
Appendix
685
Loading ...
Loading ...
Loading ...