Xerox Printer Certificate

This thread talks to the situation I am in, the Printer has created a CSR for me, I understand that LetsEncrypt.com uses the ACME protocol:

https://community.letsencrypt.org/t/ssl-ca-certificate-for-network-printers/111292/5

I am trying to get google cloud print, and maybe scan to email, to work on a Xerox Workcentre 6515 and I get trust errors (see below) when accessing the printer website with Safari and Chrome won’t even let me access the printer webpage.

I suspect that the certificate error that the printer has is limiting me from using the internet enabled features.

I think that if I download the certificate and add it to my keychain then at least chrome will let me go to the printer webpage.
I can’t seem to find a way to download the self-signed certificate https://www.support.xerox.com/support/workcentre-6515/file-redirect/enus.html?operatingSystem=macOS10_15&fileLanguage=en&contentId=141769

NET::ERR_CERT_INVALID

Subject: XC-6EF46F

Issuer: XC-6EF46F

Expires on: May 20, 2028

Current date: Mar 3, 2020

PEM encoded chain:

-----BEGIN CERTIFICATE-----
MIIDHTCCAgWgAwIBAgIQA53EZdDxiNIsMuF/1ckpUDANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDEwlYQy02RUY0NkYwHhcNMjAwMzAzMTYxMjE3WhcNMjgwNTIwMTYx
MjE3WjAUMRIwEAYDVQQDEwlYQy02RUY0NkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVjcLQWiqfDg9Njjb60n0gxJnQ0dFm5F8u/apQ71z0d3qokChd
QlAnrT9hNMA0L0ORoa2aut0/no4XOm4mkrTFJ4RH4gEIgRIJ8c0JL+UJmFU58j/X
pG2nAh3LrKuSnmYxoE/Scv2rNTKHcpXNQYi05A0ahaFWZ4nU6ExYuL+wYI6NFJVa
V109Fq1oWIR+dFUDY8L3UmCRuH8NPEq5uMXbU79bk+/T8wP+s+O8hAP32eMFL7Wk
tokybUfu9GH7YICRP4q9tIirm9EQnqJ9/Av4oNvjtVP/NdxLOxDrCcQifQpOVK01
RfA8+EINg6gfTy5G4fDGM4vWzxcKpFMjkvfJAgMBAAGjazBpMAsGA1UdDwQEAwIB
pjAPBgNVHRMBAf8EBTADAQH/MC4GCWCGSAGG+EIBDQQhFh9TZWxmIFNpZ25lZCBD
ZXJ0aWZpY2F0ZShTeXN0ZW0pMBkGA1UdEQQSMBCCDlhDMGJlNmRkLmxvY2FsMA0G
CSqGSIb3DQEBCwUAA4IBAQAR2XKYUmxRyEoAk1nvIF0S38CgUu5urMRN3Tt1keQh
YA58smZtkD2mHZpwaVp+9eQSr6q1KkCwjw3qQK4AQCIx3IReWmTGy6UhuSpLHKc7
+qq2VGQxjRwPX8xYQ6tcS6+xoxXX2glIskJbV1rsMbWi5enYss3eg7TaACafGOFP
qcQbxdAGBXuK4o/AQANcx84tBYvZZxHX9AvsPlhNgZDHLUOIyvaBwVeTsPuszOYk
8+JQitALIRcJXcZUWD+WOwoNTtqRWBEBp6gzWM8Ttz4RcgYXqDl/srXUGOYPAkmF
BHyy5uIEJWLoYuoKCTYKiMDCoqvFUWXSBwsP0G/QOgfe

-----END CERTIFICATE-----

I have read a few other threads: This thread was of little use to me: Installing Let's Encrypt into printer server

My domain is: local at this point
I ran this command: It produced this output: N/A
My web server is (include version): a printer web server
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

In most cases, using signed certificate or not will not affect your ability to use Google Cloudprint or email. You can also skip the invalid certificate warning for the management page (in your internal network).

If your domain is not registered, you can't get a certificate from Let's Encrypt.

P.S. Google CloudPrint is being phased out by Google.

Hi @ExInSCI,

There is some reason that Chrome refuses to import that self-signed certificate from the printer, but I'm not sure what the reason is, since it doesn't give an error message—it just doesn't import. I'm afraid you may have to ask on a Chrome or Xerox forum to find out why this is.

Yes, in order to switch over to a Let's Encrypt certificate, you would need a publicly-registered domain name. This is the only case in which Let's Encrypt can issue certificates.

It's definitely a nuisance that it's so hard to use HTTPS to access devices on a LAN, as opposed to Internet servers. The biggest difficulty is probably that the HTTPS infrastructure was really designed for Internet servers, which have a unique name (ibm.com is the only ibm.com, there isn't a different one in my network and your network). On local networks devices generally don't have a unique name (anyone could have a printer.local or a fileserver.internal) and so publicly-trusted certificates don't make very much sense. If the publicly-trusted certificate model were imported into LANs this way, you could take your printer to someone else's LAN (for example) and then trick people into printing onto your printer instead of the printer they expect. Or if you took your computer to someone else's LAN, they might deliberately or accidentally trick you into connecting to their services instead of your home LAN's services.

thank you all,

I found a way to download the printer’s certificate and add it to my keychain.
it appears as if the cert was not the issue with google cloud print.
The 6515 is supposed to be cloud print ready but it fails to register, maybe a Xerox issue…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.