Improve README.
66
README.md
@@ -2,43 +2,67 @@
|
||||
|
||||
I wanted to install a certificate generated by Let's encrypt on my brand new laser printer
|
||||
(HP Laserjet MFJ 4302) for the integrated administration webserver.
|
||||
After research on the web, I discovered
|
||||
After research on the web, I discovered that although there were projects supporting older models
|
||||
nothing was existing for newer models.
|
||||
Hence I decided to write my own tool in Python.
|
||||
It was designed by reverse engineering the integrated administration webserver following the
|
||||
network exchange when using the menu dedicated to certificate management
|
||||
(Security -> Certicates management)
|
||||
|
||||
# Arguments
|
||||
# Command
|
||||
|
||||
positional arguments:
|
||||
{csr,pem} command help
|
||||
csr Create CSR
|
||||
pem Install certificate
|
||||
```bash
|
||||
{list, del, csr,pem}
|
||||
list List certificates known by the printer
|
||||
del Delete a certificate
|
||||
csr Create a certificate signing request (CSR)
|
||||
pem Install a PEM certificate
|
||||
|
||||
options:
|
||||
-h, --help show this help message and exit
|
||||
Common options:
|
||||
-h, --help Show this help message and exit
|
||||
-d, --debug Activate debug.
|
||||
-c, --config CONFIG_FILENAME
|
||||
Configuration file.
|
||||
-u, --user USERNAME Username.
|
||||
-p, --password [PASSWORD]
|
||||
Password.
|
||||
-c, --config CONFIG_FILENAME Configuration file.
|
||||
-u, --user USERNAME Username (admin).
|
||||
-p, --password [PASSWORD] Specify admin password.
|
||||
-H, --host HOSTNAME Hostname.
|
||||
-n, --no-tls-verification
|
||||
Verify certificate validity.
|
||||
|
||||
-n, --no-tls-verification Do not verify certificate validity.
|
||||
```
|
||||
|
||||
# How to use it ?
|
||||
|
||||
To obtain a CSR:
|
||||
```
|
||||
After playing a lot with the administration web server, I discover a reproducible way to convince
|
||||
the printer to accept a Let's Encrypt certificate.
|
||||
First you need to ask a CSR generated by the printer:
|
||||
```bash
|
||||
./refresh-certificate.py -c ./config.ini -n -p PASSWORD csr
|
||||
```
|
||||
This way the private key part of the certificate is only known by the printer.
|
||||
I was not able to import the private key of a Let's Encrypt certificate as obtained when generating
|
||||
the certificate directly from ACME.
|
||||
|
||||
To obtain a PEM certificate from Let's encrypt:
|
||||
Next you need to ask Let's Encrypt to sign the CSR:
|
||||
```
|
||||
certbot certonly --webroot -w /var/www/letsencrypt/ --csr printer.csr
|
||||
```
|
||||
|
||||
To install the PEM file on the printer:
|
||||
You should obtain three PEM files in response:
|
||||
|
||||
1. _cert.pem_: the certificate itself (PEM format)
|
||||
2. _chain.pem_: the intermediate CA that signed the certificate (PEM format)
|
||||
3. _fullchain.pem_: the two previous files concatenated.
|
||||
|
||||
Finally you can install the certificate PEM file on the printer:
|
||||
```
|
||||
./refresh-certificate.py -c ./config.ini -n -p PASSWORD pem
|
||||
./refresh-certificate.py -c ./config.ini -n -p PASSWORD pem -i fullchain.pem
|
||||
```
|
||||
|
||||
Please note that during the last step, you can add either the _cert.pem_ file or
|
||||
the _fullchain.pem_ files. In both cases, you should be able to connect to the printer webserver
|
||||
without warning message from your navigator (tested on Firefox and Chromium).
|
||||
This is possible because the main navigators comes with a certificates store that contains
|
||||
not only the root certificate of Let's Encrypt but also the intermediate certificates.
|
||||
However, note that most others tools will fail to connect to the Web server of the printer
|
||||
(including this tool) because the printer will only present the final certificate.
|
||||
You really have to install the _fullchain.pem_ to remove TLS connexion errors from all tools.
|
||||
|
||||
|
||||
|
||||
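Review bot: In the "How to use it ?" examples, every `./refresh-certificate.py` invocation passes the admin password as a command-line argument (`-p PASSWORD`) together with `-n`, so the README teaches sending the admin credential over a TLS connection whose certificate is not verified, and it leaves the password in shell history and the process list. The help text shows the password value as optional (`-p, --password [PASSWORD]`) and the examples already pass `-c ./config.ini`; the README should say what happens when the value is omitted and whether the configuration file can hold the credentials, and use that form in the examples if it avoids typing the password inline. Please also say whether `-n` can be dropped once _fullchain.pem_ is installed, since the closing paragraph states that this tool itself fails to connect when the printer presents only the final certificate. Separately, the install example uses `-i fullchain.pem` but `-i` is not described anywhere in the Command section, and the new `list` and `del` commands have no usage example.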