HP 250m Print Server for Fast Ethernet manual HP Jetdirect as an SSL/TLS Client

Page 61

The setting “Encryption Strength” controls the cipher suites that Jetdirect will select from a client request. The default setting is “Low” which is a bit misleading – it really means that all cipher suites that Jetdirect supports can be used including ciphers that aren’t considered as secure anymore. If the client can only support DES, Jetdirect will still accept it. However, if the client offers DES and other cipher suites, Jetdirect will prefer higher security ciphers when presented with the choice. Setting it to “Medium” means that the client must offer RC4 or 3DES or the SSL/TLS connection won’t be established.

Well, looks like we’ve covered all that is necessary when HP Jetdirect acts as an SSL/TLS server. But wait, there’s more! HP Jetdirect can also act as an SSL/TLS client when used by certain applications on a printer or MFP. The most popular one is LDAP over SSL/TLS. Now, what was formerly important to the SSL/TLS client (e.g., browser) becomes important for HP Jetdirect. Let’s look at what happens here.

HP Jetdirect as an SSL/TLS Client

The most common situation for HP Jetdirect to act as an SSL/TLS client is when the MFP is going to use LDAP over SSL. Keep in mind that the roles are reversed here. HP Jetdirect is going to initiate a connection and verify the server’s certificate just like a web browser would. Let’s set this up.

61

Image 61

Contents Introduction WhitepaperHttp Application What is SSL/TLS?Application Changes Https DecodedHttp Session More Info Https Session Lock Icon Certificate Details IE6 Security Alert Digital CertificatesIE7 Certificate Error IE7 Certificate Error Certificate Information Public Key Infrastructure and Public Key Certificate BasicsSymmetric Cryptography Asymmetric Cryptography Digital Signature Digital Signature Verification Certificate Authority Public Key Certificates Self-Signed Certificate SSL/TLS Protocol Structures SSL/TLS Protocol BasicsClient Hello Server Hello Server Certificate Verification Keying Material Client Finished Server Finished Using Https with HP JetdirectCA Heirarchy Network Diagram Page Page Under the heading Jetdirect Certificate, press Configure… Page Page Page Page Page Page Page Page Page Page Page Save it Go to Tools and click Internet Options Click Certificates Click Import… Click Next Select the file Click Next Page Page Page Page Page Detailed Look at the SSL/TLS Connection Page Page Page Page Check for server certificate revocation is not selected Page Page SSL/TLS Server Settings HP Jetdirect as an SSL/TLS Client Page Page Page Page Select R2 and hit Export… Click Next Select DER. Click Next Save it Save it Click Finish Page Select the file. Click Finish Click OK Page Same message. What did we do wrong? Page Page We use the DNS name and try again Success Page CA Hierarchy SSL/TLS Client Understanding Certificate ChainsPage RootCA Incorrect HP Jetdirect CA Configuration Correct HP Jetdirect CA Configuration Walking the Chain SSL/TLS Client Certificates and Name Verification Subject SubjectAltName Page Page Page IPP over SSL/TLS Click Next Select a network printer… Page Page Print a test Yep we have our print data protected by SSL/TLS Embedded Devices and Digital Certificates HP Jetdirect Certificate GuidelinesSummary Which HP Jetdirect Products Support SSL/TLS?