I have an HP LaserJet MFP M234sdw printer. I am getting error messages
from CUPS that say something like "cups-pki expired". The certificate
on the printer expired recently.

How do I generate a signed certificate to use in the printer?

There is no mechanism to do so in the printer's firmware.

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 21 Sep 2024 17:34:51 -0400
Jeffrey Walton <noloader@gmail.com> wrote:

How do I generate a signed certificate to use in the printer?

There is no mechanism to do so in the printer's firmware.

You install certificates from the printer's web administration page. <https://support.hp.com/my-en/document/ish_4629366-5428336-16>.

Nope. There is no certificate generator on the printer, and that page
doesn't describe the web navigation correctly.

If you want to run your own PKI, then checkout Dogtag, <https://www.dogtagpki.org/>.

I'll look into this, thanks. I am, however, a certificate illiterate.

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 9/21/24 23:25, Charles Curley wrote:

I have an HP LaserJet MFP M234sdw printer. I am getting error messages
from CUPS that say something like "cups-pki expired". The certificate
on the printer expired recently.

Is it a selfsigned cert?

How do I generate a signed certificate to use in the printer?

There is no mechanism to do so in the printer's firmware.

Even if you upgrade the FW?

--
John Doe

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 22 Sep 2024 15:54:09 +0200
john doe <johndoe65534@mail.com> wrote:

On 9/21/24 23:25, Charles Curley wrote:

I have an HP LaserJet MFP M234sdw printer. I am getting error
messages from CUPS that say something like "cups-pki expired". The certificate on the printer expired recently.

Is it a selfsigned cert?

I think so. The embedded web server says,

By default, a pre-installed self-signed printer certificate is
created to identify this printer. You can change this certificate to
more accurately identify the printer and to update the length of
time the certificate is valid.

How do I generate a signed certificate to use in the printer?

There is no mechanism to do so in the printer's firmware.

Even if you upgrade the FW?

I tried upgrading the firmware. I have the latest available, 20201215.

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 9/22/24 17:05, Charles Curley wrote:

On Sun, 22 Sep 2024 15:54:09 +0200
john doe <johndoe65534@mail.com> wrote:

On 9/21/24 23:25, Charles Curley wrote:

I have an HP LaserJet MFP M234sdw printer. I am getting error
messages from CUPS that say something like "cups-pki expired". The
certificate on the printer expired recently.

Is it a selfsigned cert?

I think so. The embedded web server says,

By default, a pre-installed self-signed printer certificate is
created to identify this printer. You can change this certificate to
more accurately identify the printer and to update the length of
time the certificate is valid.

How do I generate a signed certificate to use in the printer?

There is no mechanism to do so in the printer's firmware.

Even if you upgrade the FW?

I tried upgrading the firmware. I have the latest available, 20201215.

I also have a HP.
After entering credentials it allows me to access the advance
capabilities of my printer.
It allows me among other things to renew the selfsigned cert!

To me, this is build-in! ;^)

--
John Doe

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 22 Sep 2024 18:02:30 +0200
john doe <johndoe65534@mail.com> wrote:

I also have a HP.
After entering credentials it allows me to access the advance
capabilities of my printer.

What credentials? I have a user name and password (which I changed from
the defaults), and have used those to log in. Is there some other set
of credentials I have missed?

It allows me among other things to renew the selfsigned cert!

To me, this is build-in! ;^)

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 22 Sep 2024 18:02:30 +0200
john doe <johndoe65534@mail.com> wrote:

Even if you upgrade the FW?

I tried upgrading the firmware. I have the latest available,
20201215.

I also have a HP.
After entering credentials it allows me to access the advance
capabilities of my printer.
It allows me among other things to renew the selfsigned cert!

To me, this is build-in! ;^)

I did finally find it.

Networking -> Certificates -> Configure

That gives me several options. I then selected "Create a New
Self-Signed Certificate". That updated the certificate. I now cannot
print on that printer, even after cycling power. If I print over the USB interface, I hear it spin its wheels, but nothing is printed. I tried
deleting and re-installing it. No go.

Or I could select "Create a Certificate Request" and hit Next. I filled
in the details, hit Next. No complaints from the printer. I then used
copy and paste to save off the cert request. This is a good thing,
because when I hit "Save" I got several requests for Username and
Password in a row. I gave up after the 5th such request.

I'm rather frustrated and annoyed.

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 9/22/24 21:02, Charles Curley wrote:

On Sun, 22 Sep 2024 18:02:30 +0200
john doe <johndoe65534@mail.com> wrote:

Even if you upgrade the FW?

I tried upgrading the firmware. I have the latest available,
20201215.

I also have a HP.
After entering credentials it allows me to access the advance
capabilities of my printer.
It allows me among other things to renew the selfsigned cert!

To me, this is build-in! ;^)

I did finally find it.

Networking -> Certificates -> Configure

That gives me several options. I then selected "Create a New
Self-Signed Certificate". That updated the certificate. I now cannot
print on that printer, even after cycling power.

Do you realy need SSL/TLS for a printer, if your network is secured.

If I print over the USB
interface, I hear it spin its wheels, but nothing is printed. I tried deleting and re-installing it. No go.

Or I could select "Create a Certificate Request" and hit Next. I filled
in the details, hit Next. No complaints from the printer. I then used
copy and paste to save off the cert request. This is a good thing,
because when I hit "Save" I got several requests for Username and
Password in a row. I gave up after the 5th such request.

I'm rather frustrated and annoyed.

A wild guess, would be that the default cert was signed by a trusted CA,
which could explain why it was working out of the box! ;^)

You could use Letsencrypt to sign your CSR, assuming that you can upload
your signed cert to the printer.

I can access my printer via telnet, which is, sometime less frustrating! ;^)

Good luck I guess!

--
John Doe

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 22 Sep 2024 17:56:56 -0400
Jeffrey Walton <noloader@gmail.com> wrote:

Networking -> Certificates -> Configure

Interesting. Previously you said, "Nope. There is no certificate
generator on the printer [web admin page],.."

Yes, I did. I don't know why I didn't try the Configure button.

One reason I described the path to the correct place above is that the
various pages I found in HP's mess of documentation all provided
different paths, none of which were this one.

Use IPP printing. The connection on your workstation will be something
like <ipp://colorlaserjet.home.arpa>.

That is indeed the approach I am now taking.

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 22 Sep 2024 13:02:26 -0600
Charles Curley <charlescurley@charlescurley.com> wrote:

If I print over the USB
interface, I hear it spin its wheels, but nothing is printed. I tried deleting and re-installing it. No go.

I finally solved that one. I changed the driver for the printer. It
used to work correctly.

In other news, I finally got printing from another machine running.
I use IPP to the desktop (which has the printer on a USB cable). This
involved opening both IPP and IPP-client in the firewalls of both the
server and the client. The two printers that magically appear thanks to Avahi/Bonjour are still useless.

None of these solutions involve using the cert. That does affect the
embedded web server. Since it is self-signed, I still have to jump
through a hoop to get to it. Sigh.

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)