
The Jetdirect certificate (identity certificate) on the device has two roles: to provide encryption of the data stream and to provide authentication of the holder of the certificate, the Jetdirect device in this case. In the specific case of the Jetdirect self-signed certificate, both the contents of the certificate and the way it was signed prevent its use for authentication.
The self-signed certificate can however assist with encrypting data (SSL/TLS) as in secure port
communication (HTTPS, IPPS). Transport Layer Security (TLS) and its predecessor, Secure Sockets
Layer (SSL), are cryptographic protocols that allow client-server applications to communicate across a
network in a way designed to prevent eavesdropping and tampering.
Many tools rely on the presence of at least a self-signed certificate to encrypt data. For example, HP
Web Jetadmin uses TLS/SSL for HTTPS communication to devices for some of the device
configuration options. HP Security Manager likewise uses TLS/SSL for HTTPS communication on
many of the items it assesses and remediates.
NOTE: Before a client and server can begin to exchange information protected by TLS, they must
securely exchange or agree upon an encryption key and a cipher to use when encrypting data. The
client and the server use the session keys to encrypt and decrypt the data they send to each other and
to validate its integrity. If TLS 1.2 is enabled in the operating system and on the device, it is
attempted first. The newer operating systems supporting TLS 1.1/1.2 have dropped MD5 as an
acceptable hashing algorithm for use in the handshake. MD5 is a hashing function that converts an
arbitrarily long data stream into a hash of fixed size (16 bytes). Due to significant progress in
cryptanalysis, MD5 can no longer be considered a 'secure' hashing function. If an SSL negotiation
starts with TLS 1.2 and encounters a certificate with “md5withRSAEncryption” as the “Signature
algorithm”, the connection will fail. Older Jetdirect devices running older Jetdirect firmware, such as
the older Oz firmware models including the HP LaserJet M3035 MFP/M5035 MFP, default to MD5 as
the signature algorithm for any self-signed certificates they generate and install. Newer Jetdirect
firmware on these devices uses SHA1 as the signature algorithm for any self-signed certificates it
generates and installs. If the installed self-signed certificate uses MD5 for the signature algorithm,
and TLS 1.1/1.2 is enabled on the device, Web Jetadmin will display “Error reading Device Settings”.
This same issue can occur in Security Manager for these same Oz devices, or for any device that defaulted to MD5 as the hash when the self-signed certificate was first generated, but the status will appear as Connection Refused because of the unsupported hash being attempted in the negotiation.
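The cause of both symptoms is the OID in the certificate's outer signatureAlgorithm field. The following is an added check, not code from the HP document or tools: a stdlib-only DER walker that reads that field and flags md5WithRSAEncryption. The two sample certificates are constructed stubs (a dummy tbsCertificate with a placeholder signature), not real Jetdirect certificates, and all function names are my own.

```python
# PKCS#1 signature algorithm OIDs relevant to the Jetdirect case
SIGNATURE_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
                  "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
                  "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _decode_oid(raw):  # OBJECT IDENTIFIER contents (base-128 arcs) -> dotted
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Dotted OID of Certificate.signatureAlgorithm, the outer field a
    TLS 1.2 client checks against its signature_algorithms policy."""
    _, pos, _ = _read_tlv(der, 0)                 # Certificate ::= SEQUENCE
    _, _, tbs_end = _read_tlv(der, pos)           # tbsCertificate, skipped
    _, alg_start, _ = _read_tlv(der, tbs_end)     # AlgorithmIdentifier
    tag, start, end = _read_tlv(der, alg_start)   # OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return _decode_oid(der[start:end])

def signature_name(der):
    oid = signature_algorithm(der)
    return SIGNATURE_OIDS.get(oid, oid)

def uses_md5(der):
    """True when this certificate will fail a TLS 1.1/1.2 handshake."""
    return signature_name(der) == "md5WithRSAEncryption"

# Constructed samples, not real certificates: dummy tbsCertificate, then an
# AlgorithmIdentifier carrying the OID under test, then a placeholder signature.
def _der(tag, content):  # short-form length is enough for these samples
    return bytes([tag, len(content)]) + content
def _sample_cert(oid_content):
    tbs = _der(0x30, _der(0x02, b"\x01"))
    alg = _der(0x30, _der(0x06, oid_content) + _der(0x05, b""))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00\xaa\xaa\xaa\xaa"))

MD5_SAMPLE = _sample_cert(b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04")
SHA1_SAMPLE = _sample_cert(b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05")
```

For a certificate exported from a device in PEM form, convert it with `ssl.PEM_cert_to_DER_cert` before passing it to `uses_md5`.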
Regenerating the self-signed certificate with newer firmware will certainly solve this situation. The very
latest HP Jetdirect firmware added a fix to automatically regenerate a self-signed certificate upon
startup if MD5 is seen as the hash. Another workaround could include exporting the self-signed