Configuring the Browser Settings on the Control Panel
Precautions for using the browser function of the control panel
Communication between the MFP and the server via a web browser is exposed to eavesdropping and data tampering. Because of this, it is recommended to install the root certificates issued for the websites the MFP is allowed to browse and enable the machine's Root Certificate Check function in advance. Access to unauthorized can be prevented by allowing the machine to access only the websites whose certificates are installed on the machine.
It is recommended to enable [Root Certificate Check] especially when you send data using Extended JavaScript.
To enable [Root Certificate Check], it is necessary to enable the machine's SSL function and install root certificates.
For details about configuring SSL, see Configuring SSL/TLS Settings.
For details about installing root certificates, see Configuring IEEE 802.1X Authentication.
The machine's Root Certificate Check settings can be specified only using a web browser from networked computers. (We use Web Image Monitor installed on this machine.)
See the related articles in the Web Image Monitor Help. If [Root Certificate Check] is disabled and the user accesses an untrusted Web site, a warning message may appear. An "untrusted website" is as follows:
It does not issue any certificate.
An unknown source issues the site's certificate.
The site's certificate has expired.
If this is the case, the connected website may have security problems. In such a case, the machine administrator must refer to "Troubleshooting", and then instruct the users to take appropriate measures accordingly.
Further, even if such a message does not appear, to minimize the risk of information leakage and data tampering, the administrator should instruct users to check the certificates and URLs of the connected websites so that access to unauthorized Web sites can be prevented.
Troubleshooting
If the connected website has a security problem, one of the following messages may appear.
If this is the case, the machine administrator must check the message and instruct the users to take appropriate measures accordingly.
“This site has a security problem. The certificate has expired.”
“This site has a security problem. The root certificate for verification does not exist.”
“This site has a security problem. Verification of the server to connect to cannot be performed.”
“This site has a security problem. The http subcontents are included in the https site.”*1
*1 The connected website contains non-encrypted data.