cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
johnnyd Member
Member

Centerware IS access disabled because new Self Certifying Machine Digital Certificate was created

Product Name: WorkCentre 7435 built-in controller
Operating System: Windows 7 x64

Hello there.  I am new to the forum and certainly could use some help and guidance.  This morning I found that our access to the Workcentre 7435 through Centerware IS was cutoff.  It states that the mahine is denying the access.  Upon investigation, I found that someone created a new self certifying machine digital certificate last night.  Further, I found that they did this in order to turn on TLS/SSL because they were having issues scanning to email.  

Basically, could I please get some help/advice to undo/restore Centerware access?  We will deal with the email problem later.

Thank you.

Regards,

johnnyd

0 Kudos
22 Replies
Analyst Nation Moderator Joe053204-hcl
Analyst Nation Moderator

Re: Centerware IS access disabled because new Self Certifying Machine Digital Certificate was create

There is no reason you cant view it anyway unless you are using some non default and very restrictive browser settings.

Chrome

Chrome.JPG

EDGE

Edge.JPG

Firefox

FF.JPG

Internet Explorer

Internet Explorer.JPG

 

Please be sure to select "Accept Solution" and or select the thumbs up icon to enter Kudos for posts that resolve your issues. Your feedback counts!

Joe
0 Kudos
Analyst Nation Moderator Joe053204-hcl
Analyst Nation Moderator

Re: Centerware IS access disabled because new Self Certifying Machine Digital Certificate was create

This model has also gone end of development, so its last firmware release (75.14.93) was back in 2016, I know its end date for Smart eSolutions is posted as May of 2019, which means it doesn't support SHA-2. That may be your email issue right there, and if that is the case and updating the firmware does nothing, you may need to email through a relay, something like SMTP2Go. Because Gmail/Office365/Godaddy all require SHA-2.

Please be sure to select "Accept Solution" and or select the thumbs up icon to enter Kudos for posts that resolve your issues. Your feedback counts!

Joe
0 Kudos
johnnyd Member
Member

Re: Centerware IS access disabled because new Self Certifying Machine Digital Certificate was create

Joe,

Hello there.  Thanks for jumping in, addressing this, and providing solutions.  This is the message we are now getting.

Xeror Error.JPG

We used to be able to access the machine through Centerware the way you showed it.  Now, however, it lloks like the machine is blocking us.

As for the email issue, we were using smtp2go and it suddenly stopped working.  I understand that is why someone created a new self certifying machine digital certificate last night.  

Any workarounds/resets/things to do to get this back would really be appreciated.  Thank you.

Regards,

johnnyd

 

0 Kudos
johnnyd Member
Member

Re: Centerware IS access disabled because new Self Certifying Machine Digital Certificate was create

Joe,

Hello again.  The system software version on the 7435 workcentre is version 75.3.1.  Does this help explain anything we are seeing with respect to this issue?  I followed your advice from another solution, that is to turn off TLS/SSL, but the machine is still doing this (unable to access Centerware from a browser) with TLS/SSL disabled.  It shows the year long certificate loaded in there, just above the TLS/SSL option.

Any thoughts?  Thank you.

Regards,

johnnyd

 

 

0 Kudos
johnnyd Member
Member

Re: Centerware IS access disabled because new Self Certifying Machine Digital Certificate was create

Joe,

Hello again.  Based on your information, here are the latest developments.  We could not access the 7435 machine using a normal browser window.  We tried both Chrome and Edge.  The machine kept rejecting the connection.  Finally, we opened a secure window in Edge using Kaspersky.  The machine responded with a message that there was a certificate mismatch, but at least we could proceed.  We clicked through this 2 more times and finally got Centerware working again (in the secure window).  Once in, we disabled HTTP-SSL/TLS communication until we get a handle on what is happening and the machine certificate is not bothering us right now.  Based on this, could you please help with the following:

  • Why could we not get access to the machine through Centerware if we were not using a secure browser window?  Was something affecting the browser in a normal window?
  • Could you please help us with the correct settings for being able to scan and email?  We need this since we do not have the Scan to Folder option on our machine.  Turns out I was not quite correct in what I stated earlier.  We had loaded the host name on the machine as mail.smtp2go.com, but I am told it was never working since we did this.  We must have missed other settings.  Do we need to load the IP address for this host name?  Where?  Do we need to use SMTP AUTH and have SSL/TLS turned on?  I am asking this because I was told by the folks at SMTP2GO.com that a port number 2525 can be used for non-SMTP AUTH and 587 can be used for SMTP-AUTH with SSL/TLS turned on.  We are confused and have no idea what to do.  I would like to get this working so that folks will stop fooling with the dang machine.

Thank you very much for your help and support.  

Regards,

johnnyd

0 Kudos
Technical Escalation User DavidX28897-xrx
Technical Escalation User

Re: Centerware IS access disabled because new Self Certifying Machine Digital Certificate was create

In regards to your email settings you can dl the sys admin guide here

Page 100 lists how to program email with those settings. Also make sure date and time are set correctly on device.

 

 

0 Kudos
johnnyd Member
Member

Re: Centerware IS access disabled because new Self Certifying Machine Digital Certificate was create

Joe, David:

Hello again.  Yes, we did follow the setup instructions for Scan to Email on pages #100-102 of the Sys Admin Guide, but we must be doing something wrong.  We are not using TLS/SSL, but we did invoke SMTP AUTH and are using this with the Smtp2go.com site.  However, no luck.  We are still getting an error code, in particular error code 027-779 It attestation failure by SMTP-A.  What does that mean exactly and what are we doing wrong?  What settings do we need to look at?  Thank you both.

Regards,

johnnyd

0 Kudos
Analyst Nation Moderator Joe053204-hcl
Analyst Nation Moderator

Re: Centerware IS access disabled because new Self Certifying Machine Digital Certificate was create

It's pretty clear from your additions that someone went in there and did a whole lot more than just setup HTTPs.

My guess would be they enabled IP filtering and probably added some changes in what non-logged in users can do. All those settings would be tossed in at

CWIS > Properties > Security

Dig around in the Authorization groups , IP filtering, IPSec, FIPS, IEEE802.1X because its seems someone who shouldn't have did. I'm not at all comfortable working with this over the forum in this manner, I have absolutely no interest in teaching people who shouldn't be doing this how to, and I have no reason at all to think you should or shouldn't, I simply cannot know, so I won't.

As for SMTP2go, I've not heard anything changing on their end, they still state the same per day and per month limit for non paid accounts and their servers haven't changed. And the point of their service is that they don't require SSL/TLS/STARTTLS, so I have no idea why anyone troubleshooting would have decided they should use any of that. Mine still works just fine in testing.

1.JPG

Please be sure to select "Accept Solution" and or select the thumbs up icon to enter Kudos for posts that resolve your issues. Your feedback counts!

Joe
0 Kudos
johnnyd Member
Member

Re: Centerware IS access disabled because new Self Certifying Machine Digital Certificate was create

Joe,

I think I understand what you are stating.  We did check all through the area you mentioned and none of those options have been enabled.  I am not finding any other changes to the setup.  Further, our SMTP page is configured like yours using the username and password for Smtp2go.com (which also matches the machine's email), so we do not know what is causing the issue.  We also checked the time and date on the machine.  Do you make anything from our error code, namely 027-779, It attestation failure by SMTP-A?  Where do we set the IP address for the Smtp2go.com server, perhaps this is our only remaining issue?  

I am hopeful that if this can be resolved, folks will have no reason to touch anything.  Thank you.

Regards,

johnnyd

 

0 Kudos