HP 250m Print Server for Fast Ethernet manual Whitepaper, Introduction

whitepaper

HP Jetdirect and SSL/TLS

June 2008

Table of Contents:

Introduction
What is SSL/TLS?
HTTPS Decoded
Digital Certificates
Public Key Infrastructure and Public Key Certificate Basics
SSL/TLS Protocol Basics
Using HTTPS with HP Jetdirect
A Detailed Look at the SSL/TLS Connection
SSL/TLS Server Settings
HP Jetdirect as an SSL/TLS Client
SSL/TLS Client: Understanding Certificate Chains
SSL/TLS Client: Certificates and Name Verification
IPP over SSL/TLS
HP Jetdirect Certificate Guidelines
Embedded Devices and Digital Certificates
Which HP Jetdirect Products Support SSL/TLS?
Summary

Introduction

HP Jetdirect introduced SSL/TLS support in early 2002 with the 615n EIO Print Server. A free firmware upgrade gave the 610n EIO print server, shipped in 2000, the same capability. Suddenly, a few million HP Jetdirect EIO cards had SSL/TLS capability. Why?

The answer was secure management. HP printing and imaging devices were becoming more complex and more feature oriented. They were becoming valuable assets to a company’s infrastructure. Being able to manage a device from a browser over HTTP was one thing; managing it securely from the same browser over HTTPS was a great benefit. Unfortunately, many users of HTTPS are under a false sense of security because they have not deployed SSL/TLS
