Public/HP-Laserjet-Pro-Certificate-Management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d709213d3c9b5e9de64251f443bdf06b401709e
HP-Laserjet-Pro-Certificate…/README.md
Frédéric Tronel 8d709213d3 Improve README.
2025-12-29 15:48:56 +01:00

69 lines
2.9 KiB
Markdown
Raw Blame History

# Purpose
I wanted to install a certificate generated by Let's encrypt on my brand new laser printer
(HP Laserjet MFJ 4302) for the integrated administration webserver.
After research on the web, I discovered that although there were projects supporting older models
nothing was existing for newer models.
Hence I decided to write my own tool in Python.
It was designed by reverse engineering the integrated administration webserver following the
network exchange when using the menu dedicated to certificate management
(Security -> Certicates management)
# Command
```bash
{list, del, csr,pem}
list List certificates known by the printer
del Delete a certificate
csr Create a certificate signing request (CSR)
pem Install a PEM certificate
Common options:
-h, --help Show this help message and exit
-d, --debug Activate debug.
-c, --config CONFIG_FILENAME Configuration file.
-u, --user USERNAME Username (admin).
-p, --password [PASSWORD] Specify admin password.
-H, --host HOSTNAME Hostname.
-n, --no-tls-verification Do not verify certificate validity.
```
# How to use it ?
After playing a lot with the administration web server, I discover a reproducible way to convince
the printer to accept a Let's Encrypt certificate.
First you need to ask a CSR generated by the printer:
```bash
./refresh-certificate.py -c ./config.ini -n -p PASSWORD csr
```
This way the private key part of the certificate is only known by the printer.
I was not able to import the private key of a Let's Encrypt certificate as obtained when generating
the certificate directly from ACME.
Next you need to ask Let's Encrypt to sign the CSR:
```
certbot certonly --webroot -w /var/www/letsencrypt/ --csr printer.csr
```
You should obtain three PEM files in response:
1. _cert.pem_: the certificate itself (PEM format)
2. _chain.pem_: the intermediate CA that signed the certificate (PEM format)
3. _fullchain.pem_: the two previous files concatenated.
Finally you can install the certificate PEM file on the printer:
```
./refresh-certificate.py -c ./config.ini -n -p PASSWORD pem -i fullchain.pem
```
Please note that during the last step, you can add either the _cert.pem_ file or
the _fullchain.pem_ files. In both cases, you should be able to connect to the printer webserver
without warning message from your navigator (tested on Firefox and Chromium).
This is possible because the main navigators comes with a certificates store that contains
not only the root certificate of Let's Encrypt but also the intermediate certificates.
However, note that most others tools will fail to connect to the Web server of the printer
(including this tool) because the printer will only present the final certificate.
You really have to install the _fullchain.pem_ to remove TLS connexion errors from all tools.
Reference in New Issue View Git Blame Copy Permalink