Xerox Printer Certificate

ExInSCI · March 3, 2020, 6:49pm

This thread talks to the situation I am in, the Printer has created a CSR for me, I understand that LetsEncrypt.com uses the ACME protocol:

https://community.letsencrypt.org/t/ssl-ca-certificate-for-network-printers/111292/5

I am trying to get google cloud print, and maybe scan to email, to work on a Xerox Workcentre 6515 and I get trust errors (see below) when accessing the printer website with Safari and Chrome won’t even let me access the printer webpage.

I suspect that the certificate error that the printer has is limiting me from using the internet enabled features.

I think that if I download the certificate and add it to my keychain then at least chrome will let me go to the printer webpage.
I can’t seem to find a way to download the self-signed certificate https://www.support.xerox.com/support/workcentre-6515/file-redirect/enus.html?operatingSystem=macOS10_15&fileLanguage=en&contentId=141769

NET::ERR_CERT_INVALID

Subject: XC-6EF46F

Issuer: XC-6EF46F

Expires on: May 20, 2028

Current date: Mar 3, 2020

PEM encoded chain:

-----END CERTIFICATE-----

I have read a few other threads: This thread was of little use to me: Installing Let's Encrypt into printer server

My domain is: local at this point
I ran this command: It produced this output: N/A
My web server is (include version): a printer web server
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

stevenzhu · March 3, 2020, 6:57pm

In most cases, using signed certificate or not will not affect your ability to use Google Cloudprint or email. You can also skip the invalid certificate warning for the management page (in your internal network).

If your domain is not registered, you can't get a certificate from Let's Encrypt.

P.S. Google CloudPrint is being phased out by Google.

schoen · March 3, 2020, 7:01pm

Hi @ExInSCI,

There is some reason that Chrome refuses to import that self-signed certificate from the printer, but I'm not sure what the reason is, since it doesn't give an error message—it just doesn't import. I'm afraid you may have to ask on a Chrome or Xerox forum to find out why this is.

Yes, in order to switch over to a Let's Encrypt certificate, you would need a publicly-registered domain name. This is the only case in which Let's Encrypt can issue certificates.

It's definitely a nuisance that it's so hard to use HTTPS to access devices on a LAN, as opposed to Internet servers. The biggest difficulty is probably that the HTTPS infrastructure was really designed for Internet servers, which have a unique name (ibm.com is the only ibm.com, there isn't a different one in my network and your network). On local networks devices generally don't have a unique name (anyone could have a printer.local or a fileserver.internal) and so publicly-trusted certificates don't make very much sense. If the publicly-trusted certificate model were imported into LANs this way, you could take your printer to someone else's LAN (for example) and then trick people into printing onto your printer instead of the printer they expect. Or if you took your computer to someone else's LAN, they might deliberately or accidentally trick you into connecting to their services instead of your home LAN's services.

ExInSCI · March 4, 2020, 5:21pm

thank you all,

I found a way to download the printer’s certificate and add it to my keychain.
it appears as if the cert was not the issue with google cloud print.
The 6515 is supposed to be cloud print ready but it fails to register, maybe a Xerox issue…

system · April 3, 2020, 5:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.