HP 250m Print Server - Fast Ethernet, 250m Print Server for Fast Ethernet Certificate Details


Figure 10 - Certificate Details

Something is very wrong here. We went from yellow warning symbols and a green checkmark to a big red X symbol. We have a 128-bit SSL-secured session with the HP MFP, but we now have a big red X indicating a trust problem.

This problem is best explained through an example. Let’s assume that you are a famous celebrity and that you are having an electrical contractor work on your mansion. The contractor has completed the work but will only accept cash as payment, and you don’t have any cash on you. You have to go to an Automated Teller Machine (ATM). You summon 10 bodyguards, get into your armor-plated limousine, and go to the shopping mall. The bodyguards surround you as you go to the first ATM you see, put in your card, and punch in your PIN. The ATM returns the message “Temporarily out of service” and gives you your card back. You then go to another ATM, get the money, and return home. The next day, your bank account is cleaned out. You assume that one of your bodyguards saw your PIN and “borrowed” your card while you were sleeping. You fire all your bodyguards. Was that the correct thing to do?

Probably not. You were most likely the victim of a fake ATM. You went to the ATM in a secure fashion. You left the ATM in a secure fashion. You just went to an untrusted ATM! The same type of attack exists with SSL/TLS: the session can be encrypted end to end while the party at the other end is not the one you think it is. To avoid being a victim of this attack, we need to pay attention to the digital certificate and to the dialog boxes associated with the SSL/TLS connection. In short, although we used HTTPS in this example to “secure” our session with the HP MFP, we are not actually secure, and what is worse, we probably have a false sense of security. In order to use SSL/TLS securely, we need to learn more about digital certificates.
