| Troubleshooting |
| 61 | ||
|
| ||||
| SSL/TLS Certificate Errors |
|
| ||
|
|
| |||
Error | Cause / Solution | ||||
|
| ||||
"SSL certificate problem: | This error indicates that the remote server’s certificate was |
| |||
certificate is not yet valid" | incorrectly issued or that the printer’s date and/or time are | ||||
| incorrect. Check that the printer’s date and time (rtc.date and | ||||
| rtc.time) are set correctly and that the certificate’s start and | ||||
| expiration date are valid. | ||||
| Note • For printers that do not have a battery to store the | ||||
| Real Time Clock (RTC) value, the date will be restored | ||||
| to the default value upon a power cycle. The default | ||||
| value depends upon how the rtc.date SGD is managed. | ||||
| If it has never been set then it will default to the | ||||
| firmware build date (the value in appl.date). | ||||
| Otherwise, the value in rtc.date will default to the | ||||
| value that it was last set to. This does not mean the value | ||||
| of the rtc.date when it was power cycled. It means that | ||||
| when a user sets rtc.date that becomes the new default | ||||
| value. | ||||
| If the printer has a battery then the rtc.date is never | ||||
| default and continues to track the date as expected. | ||||
|
|
| |||
"subjectAltName does not match | Part of the certificate validation process involves making sure | ||||
1.2.3.4" | that the remote server is who it claims to be. A certificate can be | ||||
| created to validate against several aliases/DNS names. Typically | ||||
"SSL certificate subject name | |||||
the certificate will not contain the IP address of the server as IP | |||||
'examplecorpinc.com' does not match | |||||
addresses are subject to change. When specifying the remote | |||||
target host name '1.2.3.4'" | |||||
server’s URL via weblink.ip.conn1.location be sure to | |||||
| |||||
| specify one of the DNS aliases listed in the certificate. The valid | ||||
| names will be listed either under the Common Name (CN) field | ||||
| and/or the subjectAltName (SAN or Subject Alternate Name) | ||||
| field within the certificate. For example, the certificate may | ||||
| have the CN set to 'examplecorpinc' and the SAN set to | ||||
| 'examplecorpinc.com' or 'alias.for.examplecorpinc.com'. | ||||
| Any of the CN or SAN names can be used, but, as the IP address | ||||
| is not listed in the CN or SAN it cannot. It is not recommended | ||||
| that the IP address be part of the SAN if a DNS name is | ||||
| available to avoid connection issues that may arise due to subnet | ||||
| change or DHCP lease expirations, etc. | ||||
|
|
| |||
"Unknown SSL protocol error in | When this message is seen it means that the remote server’s | ||||
connection to ...” | SSL/TLS configuration is incorrect. Refer to Troubleshooting | ||||
| on page 63 to ensure the server and printer are both configured | ||||
| correctly. | ||||
|
|
| |||
I do not see any of these errors, but the | Refer to Troubleshooting on page 63 to ensure the server and | ||||
printer still does not connect. | printer are both configured correctly. | ||||
|
|
|
|
| |
10/31/13 |