1. Field of the Invention
The present invention relates to a communication apparatus with an HTTP server function, and a control method for the communication apparatus.
2. Description of the Related Art
An HTTP server or HTTPS server (secure HTTP based on SSL) operating on an image processing apparatus or the like displays a Web page in response to an HTTP or HTTPS request. HTTPS communication requires an SSL (Secure Sockets Layer) certificate to prevent server spoofing and to realize communication path encryption. If there is no such certificate, the server cannot receive an HTTPS request from a client.
SSL certificates include a certificate signed by a CA (Certificate Authority), referred to hereinafter as a CA-signed certificate, and a self-signed certificate, which is not signed by a CA. If a self-signed certificate is used, it is impossible to prevent server spoofing. A user who connects to an HTTPS server that uses a self-signed certificate has to determine whether to trust the self-signed certificate presented by the server.
On the other hand, a CA-signed certificate is expensive. Furthermore, since the certificate includes the host name of the apparatus of the user on the network, it is impossible to install it when shipping an embedded apparatus such as an image processing apparatus. Embedded apparatuses are therefore shipped with a self-signed certificate created by the manufacturer already installed.
To perform SSL communication between the browser of a PC and an image processing apparatus or the like on the server side on which a Web application operates, an SSL certificate is necessary on the server side to realize communication path encryption and to prevent apparatus spoofing. SSL certificates include a CA-signed certificate and a self-signed certificate, which is not signed by a CA. Since a CA-signed certificate includes information (a host name and the like) of an apparatus, it is necessary to acquire a CA-signed certificate for each server from the CA. Furthermore, a CA-signed certificate is expensive. When an image processing apparatus on the server side is shipped, therefore, a self-signed certificate rather than a CA-signed certificate has been installed on it. This is because the apparatus cannot receive any SSL communication from a client without an SSL certificate, and thus cannot even notify the user on the client side that there is no SSL certificate.
Since any user can create a self-signed certificate, it is useless for preventing apparatus spoofing by an attacker. Although the certificate can be used for communication path encryption, the communication path may still be wiretapped by means of spoofing. To execute secure SSL communication, it is necessary to install a CA-signed certificate on an image processing apparatus on the server side, and use it.
Japanese Patent Laid-Open No. 2005-130449 describes a technique in which, when there is only a self-signed certificate, a certificate install page is returned to a client. Although the certificate install page should be used only by the administrator of an apparatus, it is impossible to limit access to the certificate install page by a general user.