Manuals
/
HP
/
Computer Equipment
/
All in One Printer
HP
250m Print Server for Fast Ethernet Check for server certificate revocation is not selected
Models:
250m Print Server for Fast Ethernet
1
57
95
95
Download
95 pages
26.91 Kb
54
55
56
57
58
59
60
61
<
>
Install
Error messages
Network Diagram
Under the heading “Jetdirect Certificate”, press “Configure…”
Enter the credentials that will allow a certificate to be issued
IE7 Certificate Error
SSL/TLS Server Settings
What is
Using HTTPS with HP Jetdirect
Page 57
Image 57
Check for server certificate revocation is not selected.
57
Page 56
Page 58
Page 57
Image 57
Page 56
Page 58
Contents
Table of Contents
Introduction
whitepaper
HP Jetdirect and SSL/TLS
What is SSL/TLS?
Figure 1 - HTTP Application
Figure 2 - HTTPS Application
Figure 3 - Application Changes
HTTPS Decoded
Web Browser HTTP
API Socket… TCP IP
Figure 4 - HTTP Session
Figure 5 - Secure Connection
Clicking “More Info”, we get the dialog in Figure
Figure 7 - Security Alert
Figure 6 - More Info
Figure 8 - HTTPS Session
Certificate Details
Figure 9 - Lock Icon
Figure 10 - Certificate Details
Figure 11 - IE6 Security Alert
Digital Certificates
Figure 12 - IE7 Certificate Error
Figure 13 - IE7 Certificate Error
Figure 14 - Certificate Information
Public Key Infrastructure and Public Key Certificate Basics
Figure 15 - Symmetric Cryptography
Figure 16 - Asymmetric Cryptography
Figure 17 - Digital Signature
Figure 18 - Digital Signature Verification
Jack’s Public Key
Figure 19 - Certificate Authority
Figure 20 - Public Key Certificates
Figure 21 - Self-Signed Certificate
Figure 22 - SSL/TLS Protocol Structures
SSL/TLS Protocol Basics
Figure 23 -Client Hello
Server
Figure 24 - Server Hello
Figure 25 - Server Certificate Verification
Figure 26 - Keying Material
Client
Server
Server
Figure 27 - Client Finished
Figure 28 - Server Finished
Using HTTPS with HP Jetdirect
Client
Server
Figure 29 - CA Heirarchy
Figure 30 - Network Diagram
Page
Page
Under the heading “Jetdirect Certificate”, press “Configure…”
Page
Click “Save As”
Now we are going to bring up R2’s CA web server
Store it in a directory on the client
Enter the credentials that will allow a certificate to be issued
Select the second link “Submit a certificate request….”
Click “advanced certificate request”
Click “Download certificate”. DER encoding is fine
Save it
Point it to the file obtained from the R2 CA. Click “Finish”
Now we select “Install Certificate” and click “Next”
Cool - it worked. Click “OK”
Page
Click “Download a CA certificate, certificate chain, or CRL”
Save it Go to “Tools” and click “Internet Options”
Click “Certificates”
Click “Import…” Click “Next”
Select the file Click “Next”
Click “Finish”
Select “Automatically select the certificate store….” Click “Next”
Click “OK”
Page
Here is our DNS entry which matches the Subject CN in the certificate
We ping it just to be sure. Looks good
A Detailed Look at the SSL/TLS Connection
443. The client is 192.168.0.25 and the web server is
We see the TCP connection is established to “https” or TCP port
Page
Same info coming from the server this time
Page
Check for server certificate revocation is not selected
Let’s select it and restart IE7
Another CRL request to R2
SSL/TLS Server Settings
HP Jetdirect as an SSL/TLS Client
We are asked for credentials and we provide them and hit OK
Error message - it didn’t work. Let’s look at a trace
Page
Page
Select R2 and hit “Export…” Click Next
Select DER. Click Next Save it
Save it Click “Finish”
Select Install and click “Next”
Under the heading “CA Certificate”, click “Configure”
Select the file. Click Finish Click OK
We try again and it still fails
The status for the CA Certificate is now “Installed”
Same message. What did we do wrong?
We need the
Install it
Try again. Another failure! Let’s check the trace
We use the DNS name and try again Success
Page
Figure 31 - CA Hierarchy
SSL/TLS Client Understanding Certificate Chains
Page
Figure 33 - RootCA
Figure 34 - Incorrect HP Jetdirect CA Configuration
The Subordinate CA cannot be used as the CA certificate on Jetdirect
What Certificates should be configured on
Jetdirect so that an SSL Client will be successful?
CORRECT
Figure 35 - Correct HP Jetdirect CA Configuration
Figure 37 - Walking the Chain
Figure 36 - Walking the Chain
SSL/TLS Client Certificates and Name Verification
Figure 38 - Subject
Figure 39 - SubjectAltName
If dNSName is present
Effectively, the algorithm is going to be something like this
Match dNS Name
Else
Figure 40 - OU
Page
IPP over SSL/TLS
Click “Next” Select “A network printer…”
Select the appropriate driver
Click “Finish”
Now we have a printer. Right Click and select properties
Print a test page Yep - we have our print data protected by SSL/TLS
Embedded Devices and Digital Certificates
HP Jetdirect Certificate Guidelines
Summary
Which HP Jetdirect Products Support SSL/TLS?