1. Field of the Invention
The present invention relates to an image forming apparatus which securely transmits print data via a network, a printing method, and a storage medium.
2. Description of the Related Art
Conventionally, printing can be performed from a print client personal computer (PC) via a network on a device such as an image forming apparatus connected to the network. In such a case, it is necessary for the print client PC to detect the device on the network, and then to install driver software for using the detected device. A standard technique such as Web Services on Devices (WSD) previously proposed by Microsoft Corporation is a specification for performing the above-described series of processes in a simplified manner. The WSD employs, when the print client PC searches for the device on the network, a WS-Discovery specification. The WS-Discovery specification is defined in http://specs.xmlsoap.org/ws/2005/04/discovery/ws-discovery.pdf. Further, the WSD employs a secure WSD specification for encrypting network data to be communicated. The secure WSD specification is defined in http://msdn.microsoft.com/en-us/library/bb204786 (v=VS.85).aspx. The secure WSD specification employs Transport Layer Security (TLS) defined by Request For Comment (RFC) 2246.
In using TLS, the print client PC encrypts network data to prevent falsification and eavesdropping of the network data, and performs certificate verification to prevent spoofing. More specifically, when the print client performs certificate verification, server certificate is signed by a public certificate authority (CA) to assure validity of the server certificate. A CA certificate is stored in the print client, the server certificate is stored in a server, and the server transmits the server certificate to the print client, so that the print client verifies the validity of the certificate.
If the print client is to verify the validity of the server by performing certificate verification using TLS, the CA certificate which has a chain relation with the server certificate is to be stored in the print client. However, such an operation requires the public CA to sign the certificate, or a user to independently organize a private CA and have the certificate signed. As a result, cost and effort are required in performing the operation.
To solve such situation, there is a method in which a self-signed certificate is used in TLS to reduce the load in organizing the above-described environment. In such a case, the situation is solved by storing the self-signed certificate in a server side. Japanese Patent Application Laid-Open No. 2007-334753 discusses an operation using proxy authentication.
However, since there is no CA certificate in a print client side with which the print client can verify the validity of the certificate transmitted from the server, the print client cannot verify the validity. It is thus previously determined whether to continue the process even when the print client side cannot perform verification, or the user is caused to select whether to continue the process when the certificate is received. If the process is to be continued, it indicates that the server has not been authenticated, so that there is a risk of spoofing. In other words, if the self-signed certificate is used in TLS, the operation cost and effort can be reduced. However, there is a risk of spoofing.