HP 250m Print Server - Fast Ethernet Public Key Infrastructure and Public Key Certificate Basics

Page 12

Public Key Infrastructure and Public Key Certificate Basics

Let’s go back to the certificate information dialog, shown in Figure 14:

Figure 14 - Certificate Information

Here is the message: “This CA Root certificate is not trusted.” To enable trust, install this certificate in the Trusted Root Certification Authorities store”. What the message is trying to say is that “HP Jetdirect 85C1F319”, who issued the certificate “HP Jetdirect 85C1F319”, is not trusted. Because the “Issued by:” name is the same as the “Issued to:” name, this is a self-signed certificate.

The Security Alert dialog is troubling because it is indicative of a trust problem. In the terms of our analogy, it would be like a driver, who has been pulled over by the Highway Patrol, handing the officer a driver’s license that the driver has created for himself indicating that he has the privilege to drive in the state. The Highway Patrol would obviously not trust it and unfortunately may not consider it a laughing matter.

In essence, a digital certificate, one used by computers, binds an identity to a key and needs to be issued by a trusted third party. What is a key? A key is a secret that is used in cryptographic algorithms. There are public keys and private keys used for asymmetric cryptography and symmetric keys used for symmetric cryptography. Let’s look at symmetric cryptography first.

12

Image 12

Contents Whitepaper IntroductionWhat is SSL/TLS? Http ApplicationHttps Decoded Application ChangesHttp Session More Info Https Session Lock Icon Certificate Details Digital Certificates IE6 Security AlertIE7 Certificate Error IE7 Certificate Error Public Key Infrastructure and Public Key Certificate Basics Certificate InformationSymmetric Cryptography Asymmetric Cryptography Digital Signature Digital Signature Verification Certificate Authority Public Key Certificates Self-Signed Certificate SSL/TLS Protocol Basics SSL/TLS Protocol StructuresClient Hello Server Hello Server Certificate Verification Keying Material Client Finished Using Https with HP Jetdirect Server FinishedCA Heirarchy Network Diagram Page Page Under the heading Jetdirect Certificate, press Configure… Page Page Page Page Page Page Page Page Page Page Page Save it Go to Tools and click Internet Options Click Certificates Click Import… Click Next Select the file Click Next Page Page Page Page Page Detailed Look at the SSL/TLS Connection Page Page Page Page Check for server certificate revocation is not selected Page Page SSL/TLS Server Settings HP Jetdirect as an SSL/TLS Client Page Page Page Page Select R2 and hit Export… Click Next Select DER. Click Next Save it Save it Click Finish Page Select the file. Click Finish Click OK Page Same message. What did we do wrong? Page Page We use the DNS name and try again Success Page SSL/TLS Client Understanding Certificate Chains CA HierarchyPage RootCA Incorrect HP Jetdirect CA Configuration Correct HP Jetdirect CA Configuration Walking the Chain SSL/TLS Client Certificates and Name Verification Subject SubjectAltName Page Page Page IPP over SSL/TLS Click Next Select a network printer… Page Page Print a test Yep we have our print data protected by SSL/TLS HP Jetdirect Certificate Guidelines Embedded Devices and Digital CertificatesWhich HP Jetdirect Products Support SSL/TLS? Summary