Find a repair centre

Támogatás és letöltések: WorkForce Enterprise WF-C20590

Using OpenSSL to Create and Upload Certificates to TM-Printers

RELATES TO:

This document details a simple process to create and upload a certificate to the following products/interfaces:

  • TM-T88VI-iUIB, TM-T88VI-iHub
  • TM-m30
  • TM-P80, TM-P60, TM-P20
  • UB-E04, UB-R04

This guide was produced using a TM-m30 printer with Google Chrome 55 running on Ubuntu Linux 16.04 LTS.

EXPLANATION:

The problem:

The listed TM-Printers require all cryptography objects to be bundled as a single archive file. This is achieved using the “PKCS #12” archive file format to collect the multiple data files together.

This guide presents a simple repackaging of the private key and certificate into the required archive format.

Background:

In recent years, the creators of web browsers have worked to make their offerings more secure. In regard to HTTPS, the goal was not only to make the requirements more stringent but also to make users less likely to simply ‘click through’ errors, making themselves more vulnerable to security problems. Often, it may be necessary to upload customised cryptography objects to the printer to ensure not only security, but also compatibility with modern browsers

The following procedure is an example of a PKCS #12 archive creation, upload and select. This can be especially useful for complex scenarios, such as where certificates are signed as part of a trust chain: the entire chain can be included within the archive.

Note:

This is not a guide to OpenSSL and the systems integrator should make appropriate security arrangements of their own.

Solution:

The below steps will generate keys and certificates, package them in a PKCS#12 archive, upload them to the printer and select them in WebConfig.

  1. Generate a Private Key and Certificate

    The following line generates a key and a signed certificate, packaged in an output .pem file which contains both key and certificate.

    openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

    The command will interactively prompt the user for input. Pay particular attention to the CommonName, as this must be match the root domain for the printer being installed.

  2. Repackage the Certificate as a PKCS #12 Archive

    The line below will repackage the .pem file as a PKCS #12 archive.

    openssl pkcs12 -export -out mycert.pfx -in mycert.pem -name My Certificate

    This will require the user to input a password. Make a note of this, as it will be required below.

  3. Upload the Certificate to the Printer

    Log in to the printer WebConfig by entering the IP address of the printer in a browser.

    Note:

    This may require bypassing of security warnings, see article: Fixing TM-Reciept WebConfig “Privacy Error” under Windows


    1. Select Certificate Import under the subheading SSL/TLS on the left-hand navigation bar. The view should be similar to figure 1.

      Figure 1

    2. Select as File Type Password Protected PKCS#12 Certificate.
    3. Press choose file and select your .pfx file.
    4. In password, input the password generated in step 2.
    5. Press Import.
    6. When prompted, press reset.
    7. Wait for the printer to reset. If necessary, refresh the browser window and/or log in to WebConfig via the browser.
  4. Select Self-Signed Certificate on Printer

    The next step is to select the uploaded certificate.

    1. Select Certificate List under the subheading SSL/TLS on the left-hand navigation bar. The view should be similar to figure 2.

      Figure 2

    2. Select Server Certificate as CA-Signed Certificate 1/2 or 3 (select as appropriate).

      Note:

      The certificates in each position can be viewed through the open details button.

    3. Press Send.
    4. When prompted, press Reset.
    5. Wait for the printer to reset. If necessary, refresh the browser window and/or log in to WebConfig via the browser.
  5. Check the certificate has been applied

    The next step is to view the certificate used by the printer. Instructions here are for Chrome, for other browsers see Appendix.

    1. Click the padlock in the URL bar. The view should be similar to figure 3. Press Details to reveal the Security Overview side panel.

      Figure 3

    2. Select View certificate under the Security Overview side panel, as highlighted in figure 4. This will bring up the certificate details.

      Figure 4

    3. Review the data, as highlighted in figure 5. Check this is as specified in the certificate generated in step 1.

      Figure 5

Appendices:

Review Certificates using Alternative Browsers

Firefox

  1. Click the icon showing a warning triangle overlaid on a padlock icon, as highlighted in figure 20.

    Figure 20

  2. Click the right arrow, as highlighted in figure 21.

    Figure 21

  3. Click more information, as indicated by figure 22.

    Figure 22

  4. A new dialog window opens. Click View Certificate, the location of which is displayed in figure 23.

    Figure 23

  5. The Certificate Viewer dialog will open. Review information here.

Edge:

There is no direct means to view or export certificates in Microsoft Edge.

  1. Click the icon, and then select Open with Internet Explorer as shown in figure 27.

    Figure 27

  2. Follow the procedure listed below for Internet Explorer.

Internet Explorer:

  1. Click the certificate warning in the URL bar, as highlighted in figure 28.

    Figure 28

  2. Click View certificates, circled in figure 29.

    Figure 29

  3. The certificates window will appear. Review the details here.

    Figure 30

Did you find this article helpful

Köszönjük a visszajelzését!