HP 250m Print Server - Fast Ethernet manual What is SSL/TLS?, Http Application


correctly. One of the purposes of this whitepaper is to show administrators how to properly deploy SSL/TLS so that it can be used securely.

SSL/TLS is also used in other applications, such as LDAPS and 802.1X. This whitepaper will discuss how SSL/TLS works when Jetdirect is operating as a client (e.g., LDAPS, IPPS). 802.1X is covered extensively in a separate whitepaper. See http://www.hp.com/go/secureprinting for the latest information regarding HP’s printing and imaging products.

What is SSL/TLS?

SSL/TLS is a security protocol whose purpose is to provide authentication, integrity, and confidentiality to the data it encapsulates. While SSL/TLS is commonly associated with the TCP/IP protocol suite, it can be used within other frameworks as well. The most common protocol that uses SSL/TLS functionality is HTTPS. In this section, for the sake of familiarity and clarity, we’ll discuss SSL/TLS within the context of TCP/IP, primarily with HTTP and HTTPS.

Refer to Figure 1: HTTP Application. Here is the normal view of an HTTP session from a web browser to a Jetdirect device.

Figure 1 - HTTP Application

In Figure 2 – HTTPS Application, we can see how SSL/TLS is deployed. This would be done by using “HTTPS” in the URL of the browser.

Figure 2 - HTTPS Application

We can see that HTTPS is really just running HTTP over SSL/TLS which runs over TCP. How does the browser know when to use SSL/TLS? Well, the URL of “https://” indicates to the browser that it needs to change its behavior and invoke SSL/TLS. Refer to Figure 3 – Application Changes. We can
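The layering described above can be observed from the client side. The following Python sketch is an added example, not part of the HP whitepaper: it uses the URL scheme to decide whether TLS is invoked and returns the first bytes the client would write to the TCP connection. The host name is constructed, and in-memory buffers stand in for the TCP socket so nothing is sent on the network.

```python
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
TLS_HANDSHAKE_RECORD = 0x16   # TLS record content type 22 (handshake)
CLIENT_HELLO = 0x01           # handshake message type 1


def http_request(host, path="/"):
    """The HTTP request is the same for both schemes."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode("ascii")


def first_bytes_on_tcp(url):
    """Return (tcp_port, first bytes the client writes to the TCP connection)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {scheme!r}")
    host = parts.hostname
    port = parts.port or DEFAULT_PORTS[scheme]
    if scheme == "http":
        # HTTP directly over TCP: the request itself is the first thing sent.
        return port, http_request(host, parts.path or "/")
    # HTTPS: TLS sits between HTTP and TCP, so the handshake goes first.
    # Memory BIOs stand in for the TCP socket; no network is used.
    ctx = ssl.create_default_context()
    from_server, to_server = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(from_server, to_server, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for the Server Hello
    return port, to_server.read()


def is_tls_client_hello(data):
    """True if data starts with a TLS handshake record carrying a Client Hello."""
    return (len(data) > 5 and data[0] == TLS_HANDSHAKE_RECORD
            and data[1] == 0x03 and data[5] == CLIENT_HELLO)


if __name__ == "__main__":
    # Constructed host name, not taken from the whitepaper.
    for url in ("http://jetdirect.example.net/", "https://jetdirect.example.net/"):
        port, data = first_bytes_on_tcp(url)
        kind = "TLS Client Hello" if is_tls_client_hello(data) else "plaintext HTTP"
        print(url, "-> TCP port", port, "-", kind, "-", data[:16])
```

With `http://` the request text is readable on the wire from the first byte; with `https://` the HTTP request is held back until the TLS handshake completes and is then sent inside encrypted records.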
