40
Troubleshooting
SSL/TLS Certificate Errors
Error | Cause / Solution | |
|
| |
"SSL certificate problem: | This error indicates that the remote server’s certificate was | |
certificate is not yet valid" | incorrectly issued or that the printer’s date and/or time are | |
| incorrect. Check that the printer’s date and time (rtc.date and | |
| rtc.time) are set correctly and that the certificate’s start and | |
| expiration date are valid. | |
| Note • For printers that do not have a battery to store the | |
| Real Time Clock (RTC) value, the date will be restored | |
| to the default value upon a power cycle. The default | |
| value depends upon how the rtc.date SGD is managed. | |
| If it has never been set then it will default to the | |
| firmware build date (the value in appl.date). | |
| Otherwise, the value in rtc.date will default to the | |
| value that it was last set to. This does not mean the value | |
| of the rtc.date when it was power cycled. It means that | |
| when a user sets rtc.date that becomes the new default | |
| value. | |
| If the printer has a battery then the rtc.date is never | |
| default and continues to track the date as expected. | |
|
| |
"subjectAltName does not match | Part of the certificate validation process involves making sure | |
1.2.3.4" | that the remote server is who it claims to be. A certificate can be | |
| created to validate against several aliases/DNS names. Typically | |
"SSL certificate subject name | ||
the certificate will not contain the IP address of the server as IP | ||
'examplecorpinc.com' does not match | ||
addresses are subject to change. When specifying the remote | ||
target host name '1.2.3.4'" | ||
server’s URL via weblink.ip.conn1.location be sure to | ||
| ||
| specify one of the DNS aliases listed in the certificate. The valid | |
| names will be listed either under the Common Name (CN) field | |
| and/or the subjectAltName (SAN or Subject Alternate Name) | |
| field within the certificate. For example, the certificate may | |
| have the CN set to 'examplecorpinc' and the SAN set to | |
| 'examplecorpinc.com' or 'alias.for.examplecorpinc.com'. | |
| Any of the CN or SAN names can be used, but, as the IP address | |
| is not listed in the CN or SAN it cannot. It is not recommended | |
| that the IP address be part of the SAN if a DNS name is | |
| available to avoid connection issues that may arise due to subnet | |
| change or DHCP lease expirations, etc. | |
|
| |
"Unknown SSL protocol error in | When this message is seen it means that the remote server’s | |
connection to ...” | SSL/TLS configuration is incorrect. Refer to Troubleshooting | |
| on page 42 to ensure the server and printer are both configured | |
| correctly. | |
|
| |
I do not see any of these errors, but the | Refer to Troubleshooting on page 42 to ensure the server and | |
printer still does not connect. | printer are both configured correctly. | |
|
|
| 1/20/15 |
