Hi Folks,
This is my first "post" and I'm still "wet behind the ears" with this whole
certificate thing so please be gentle with me...
I'm trying to fix a security compliance issue on some of our networked
printers in the office, the problem seems to be due to the CN settings in
the default JetDirect certificate...
Having fixed other compliance using OpenSSL Certificates I thought I'd try
generating one for a printer - try being the operative word!
I've searched the archives and found the posts about JetDirect from 2003 but
can't get the solution to work for me!
Essentially, I did the following using one of the OpenSSL for Windows
compilations...
1. Generated a Private Key
openssl genrsa -des3 -out server.key 1024
2. Generated a CSR with the corrected CN through the JetDirect web interface
-----BEGIN CERTIFICATE REQUEST-----
MIIB2DCCAWoCAQIwgb0xHzAdBgNVBAMTFnRzcGNvbGFzZXIxLnRtYmMubG9jYWwx
EjAQBgNVBAcTCUtpbmdzaGlsbDENMAsGA1UECBMES2VudDELMAkGA1UEBhMCZ2Ix
LDAqBgNVBAoUI1RvbmJyaWRnZSAmIE1hbGxpbmcgQm9yb3VnaCBDb3VuY2lsMRUw
EwYDVQQLEwwwMDAxRTZBMjAxNjYxDzANBgNVBAsTBko2MDU3QTEUMBIGA1UECxML
SVQgU2VydmljZXMwczANBgkqhkiG9w0BAQEFAANiADBfAlgLgZKhfFA1BTSLqEgf
aUmavvzoQFcZ65jrpGvpTjfPbuEmaGsZ+87EifdkhtZnsqg5AyC2P6xDP3X4pdyT
7HgxFH/T58UBE5+w6pATyYWTLLK7H1/TppytAgMBAAGgMDAuBgkqhkiG9w0BCQ4x
ITAfMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQQF
AANZAAhGpCaTH7PjUFRq8+ECP/faAv5AFUD+n2SxS6pDlWhRSuFhJZVQzbcl0CNB
I8MV+wZdKmSd63rLy8Od9tsTVgkcm9VWZRzYk9CtxgEyPWLwn88t5qGlnzI=
-----END CERTIFICATE REQUEST-----
3. Removed the Passphrase from the key
copy server.key server.key.ori
openssl rsa -in server.key.ori -out server.key
4. Added the following to my openssl.cfg file in the [usr_cert] section as
recommended in the 2003 posts
extendedKeyUsage = clientAuth, serverAuth
5. Generated my certificate
openssl x509 -req -days 3652 -in printer.csr -signkey server.key
-out printer.crt -extfile openssl.cfg -extensions usr_cert
Everything seems OK, "openssl x509 -in printer.crt -text -purpose" looks
good including the [usr_cert] stuff, but when I paste the content of the
.crt file on the printer I get the following: - "The certificate entered was
invalid. Please try again and be sure to include the entire certificate
correctly."
Is there some kind soul out there who can enlighten me as to what I'm
missing?
TIA!
Andy B.
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
