+ Post New Thread
Results 1 to 9 of 9
Hardware Thread, HP Printer web-interface over HTTPS in Technical; Thought I'd make a note of this as it's one that's bugged me for a while and I never realised ...
  1. #1
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    HP Printer web-interface over HTTPS

    Thought I'd make a note of this as it's one that's bugged me for a while and I never realised the source until now.

    Symptoms:
    - More than one network equipped HP printer on your network.
    - Https connection to the web interface of one printer works ok
    - Https connection to a different printer gives error that the certificate serial number has already been associated to a different hardware item
    - Firefox in particular refuses to let you connect to any additional printers in this way.

    Cause:
    - HP Have only created a single security certificate for all their printers so firefox throws out the bathwater and refuses to connect

    Solution #1:
    - Connect to the printers using IE (it doesn't get so uppity)
    - Turn off HTTPS redirect required in the network settings
    - Repeat for each printer
    - Use HTTP to connect to the printers from here on out.

    Solution #2:
    - Use IE

    Solution #3:
    - Accept certificates for session only (not permanent)
    - Only ever connect to one printer during a session
    - Shutdown and restart your firefox browser each time you want to go to a different printer.


    Nice eh?




    Ref: The full error (minus the bit about contacting your admin)
    You have recieved an invalid certificate. (snip)

    Your certificate contains the same serial number as another certificate issues by the certificate authority. Please get a new certificate containing a unique serial number.
    Last edited by contink; 29th April 2008 at 01:43 PM.

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,143
    Thank Post
    863
    Thanked 2,695 Times in 2,285 Posts
    Blog Entries
    9
    Rep Power
    772
    Lame in some respects on the part of hp but understandable in others.

    As the certs are stored in firmware there are only a couple of ways around this would be to compile a new firmware image on the fly for each printer on their server and to download once for each printer. The only other way would be to include their private certificate in the firmware and have each printer generate a unique key when it is first plugged in. The issue with this method is that someone could crack open their firmware and sign certs as hp thereby opening up people who trust hp certs to be infiltrated by fake certs.

    Surely there must be something in firefox's about:config page to disable this behavior though.

  3. #3

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Our Colour Laserjet 5500 allows you to upload your own certs + keychain bundle.

  4. #4
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    Quote Originally Posted by Geoff View Post
    Our Colour Laserjet 5500 allows you to upload your own certs + keychain bundle.
    No such luck with the Officejet line... Granted this is only the K550, K5400, L7680 I've checked so far..

  5. #5

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Doesn't surprise me, the 5500 is a bit of heavyweight with more bells and whistles than you can shake a stick at. Where as the officejets you mention are a little more, budget?

  6. #6
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    Quote Originally Posted by Geoff View Post
    Doesn't surprise me, the 5500 is a bit of heavyweight with more bells and whistles than you can shake a stick at. Where as the officejets you mention are a little more, budget?
    Aye...

    Just found that the K8600 is the same as the others but has a few nice little bells over the other models.. but that's a whole other topic.

  7. #7

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,593
    Thank Post
    109
    Thanked 764 Times in 595 Posts
    Rep Power
    181
    Couldn't you install the WebJet Admin software on a machine and view that over HTTPS? This then gives you a pretty console of all your printers - plus there's more info than some of the more basic printers/JD cards care to offer you

  8. #8

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,812
    Thank Post
    1,476
    Thanked 592 Times in 444 Posts
    Rep Power
    168
    Sorry - https - to a printer ???

    I know I'm at the loose end of the security spectrum but ...

    Go on - educate me - why use https?

    regards

    Simon

  9. #9
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    Quote Originally Posted by SimpleSi View Post
    Sorry - https - to a printer ???

    I know I'm at the loose end of the security spectrum but ...

    Go on - educate me - why use https?
    Hey, don't blame me... The goons at HP came up with this beauty

    I think it's just to avoid folks being able to figure out your admin security and mess with the IP settings, etc.. on the printer.

    Anyways... I just reported the problem so folks could be aware if they hit it...

SHARE:
+ Post New Thread

Similar Threads

  1. Cisco interface card?
    By j17sparky in forum Wireless Networks
    Replies: 2
    Last Post: 11th March 2008, 12:20 PM
  2. Wireless Intel WMI Interface?
    By Quackers in forum Windows
    Replies: 1
    Last Post: 29th March 2007, 08:22 AM
  3. aol interface
    By Uraken in forum General Chat
    Replies: 1
    Last Post: 22nd February 2007, 02:21 PM
  4. Sophos interface irritations
    By NetworkGeezer in forum How do you do....it?
    Replies: 18
    Last Post: 21st March 2006, 11:20 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •