Manuals
/
HP
/
Computer Equipment
/
All in One Printer
HP
250m Print Server - Fast Ethernet manual Select R2 and hit “Export…” Click Next
Models:
250m Print Server for Fast Ethernet
1
66
95
95
Download
95 pages
26.91 Kb
63
64
65
66
67
68
69
70
<
>
Install
Error codes
Network Diagram
Under the heading “Jetdirect Certificate”, press “Configure…”
Enter the credentials that will allow a certificate to be issued
IE7 Certificate Error
SSL/TLS Server Settings
What is
Using HTTPS with HP Jetdirect
Page 66
Image 66
Select R2 and hit “Export…”
Click Next
66
Page 65
Page 67
Page 66
Image 66
Page 65
Page 67
Contents
whitepaper
Introduction
Table of Contents
HP Jetdirect and SSL/TLS
What is SSL/TLS?
Figure 1 - HTTP Application
Figure 2 - HTTPS Application
Web Browser HTTP
HTTPS Decoded
Figure 3 - Application Changes
API Socket… TCP IP
Figure 4 - HTTP Session
Figure 5 - Secure Connection
Clicking “More Info”, we get the dialog in Figure
Figure 6 - More Info
Figure 7 - Security Alert
Figure 8 - HTTPS Session
Figure 9 - Lock Icon
Certificate Details
Figure 10 - Certificate Details
Digital Certificates
Figure 11 - IE6 Security Alert
Figure 12 - IE7 Certificate Error
Figure 13 - IE7 Certificate Error
Public Key Infrastructure and Public Key Certificate Basics
Figure 14 - Certificate Information
Figure 15 - Symmetric Cryptography
Figure 16 - Asymmetric Cryptography
Figure 17 - Digital Signature
Figure 18 - Digital Signature Verification
Figure 19 - Certificate Authority
Jack’s Public Key
Figure 20 - Public Key Certificates
Figure 21 - Self-Signed Certificate
SSL/TLS Protocol Basics
Figure 22 - SSL/TLS Protocol Structures
Server
Figure 23 -Client Hello
Figure 24 - Server Hello
Figure 25 - Server Certificate Verification
Server
Client
Figure 26 - Keying Material
Server
Figure 27 - Client Finished
Client
Using HTTPS with HP Jetdirect
Figure 28 - Server Finished
Server
Figure 29 - CA Heirarchy
Figure 30 - Network Diagram
Page
Page
Under the heading “Jetdirect Certificate”, press “Configure…”
Page
Click “Save As”
Store it in a directory on the client
Now we are going to bring up R2’s CA web server
Enter the credentials that will allow a certificate to be issued
Click “advanced certificate request”
Select the second link “Submit a certificate request….”
Click “Download certificate”. DER encoding is fine
Save it
Now we select “Install Certificate” and click “Next”
Point it to the file obtained from the R2 CA. Click “Finish”
Cool - it worked. Click “OK”
Page
Click “Download a CA certificate, certificate chain, or CRL”
Save it Go to “Tools” and click “Internet Options”
Click “Certificates”
Click “Import…” Click “Next”
Select the file Click “Next”
Select “Automatically select the certificate store….” Click “Next”
Click “Finish”
Click “OK”
Page
Here is our DNS entry which matches the Subject CN in the certificate
We ping it just to be sure. Looks good
A Detailed Look at the SSL/TLS Connection
We see the TCP connection is established to “https” or TCP port
443. The client is 192.168.0.25 and the web server is
Page
Same info coming from the server this time
Page
Check for server certificate revocation is not selected
Let’s select it and restart IE7
Another CRL request to R2
SSL/TLS Server Settings
HP Jetdirect as an SSL/TLS Client
We are asked for credentials and we provide them and hit OK
Error message - it didn’t work. Let’s look at a trace
Page
Page
Select R2 and hit “Export…” Click Next
Select DER. Click Next Save it
Save it Click “Finish”
Under the heading “CA Certificate”, click “Configure”
Select Install and click “Next”
Select the file. Click Finish Click OK
The status for the CA Certificate is now “Installed”
We try again and it still fails
Same message. What did we do wrong?
Install it
We need the
Try again. Another failure! Let’s check the trace
We use the DNS name and try again Success
Page
SSL/TLS Client Understanding Certificate Chains
Figure 31 - CA Hierarchy
Page
Figure 33 - RootCA
What Certificates should be configured on
The Subordinate CA cannot be used as the CA certificate on Jetdirect
Figure 34 - Incorrect HP Jetdirect CA Configuration
Jetdirect so that an SSL Client will be successful?
Figure 35 - Correct HP Jetdirect CA Configuration
CORRECT
Figure 36 - Walking the Chain
Figure 37 - Walking the Chain
SSL/TLS Client Certificates and Name Verification
Figure 38 - Subject
Figure 39 - SubjectAltName
Match dNS Name
Effectively, the algorithm is going to be something like this
If dNSName is present
Else
Figure 40 - OU
Page
IPP over SSL/TLS
Click “Next” Select “A network printer…”
Select the appropriate driver
Now we have a printer. Right Click and select properties
Click “Finish”
Print a test page Yep - we have our print data protected by SSL/TLS
HP Jetdirect Certificate Guidelines
Embedded Devices and Digital Certificates
Which HP Jetdirect Products Support SSL/TLS?
Summary