cancel
Showing results for 
Search instead for 
Did you mean: 
geoffc
New Member
New Member

Phaser 7800 Xerox Generic Root CA Authority certificate expired 01-Nov-2020

Jump to solution
Product Name: Other - specify product in post
Operating System: Windows 10 x64

In 2019 I purchased a used Phaser 7800 and when I received it I upgraded its firmware (with help from here) to the latest release at that time 081.150.109.12600. This was in order to resolve any SHA-1 security issues. That worked well and afterwards I  enabled SSL so as to access CWIS via port 443 - using the inbuilt certificates within the Phaser 7800. Since that time I have not needed to login via CWIS and basically just sent print jobs to the machine.

Wind forward to July 2021 and I was wanting to access the Phaser 7800 CWIS interface - only to find that CWIS screens via SSL returned back to my browser (whether Firefox, IE, Edge or Chrome) all were blank.

I eventually traced it down to 2 issues - the printer device certificate had expired in 2020 and as well the more concerning issue the Xerox Generic Root CA certificate (embedded within the Phaser 7800 firmware?) was only valid from 04-Nov-2010 to 01-Nov-2020. I could force a new device certificate to be created by changing the IP address and back (valid for the next year) - but am unable to fix the Xerox Generic Root CA certificate expiry without a replacement Xerox certificate.

I eventually had to reset the printer NVRAM in order to reset the CWIS comms back to http and after setting the IP address again to static (private IP address) was able to access CWIS once more.

I have since been looking for a solution to re-enabling SSL - and so far I can only do so if I disable NTP on the printer and PC, set the time to August 2019 on both PC and printer, then I can re-enable SSL and can access via http: once more. I then need to load replacement certificates that are also valid in 2019 through (say) 2030 on the printer. Unfortunately this can only be done with SSL enabled on the Phaser 7800  and with the Root CA certificate already expired makes it difficult.

As this machine has a private IP address (192.168.10.x) I am unable to order new certificates from any CA Authorities as they refuse to provide certificates for private IP address ranges like 192.168.10.x - or I could look at using openSSL to become my own CA authority and generate new certificates that way.

Or I forget about using SSL and just keep accessing CWIS via http: .

Does anyone know if there is a more recent release of firmware for the Phaser 7800 than 081.150.109.12600 that includes a new Xerox Generic Root CA certificate valid for the next few (preferably several) years at least ?

Thanks for any advice/suggestions you can offer.

What have other Phaser 7800 administrators done to overcome the expired Xerox Generic Root CA certificate ?

Regards

Geoff

0 Kudos
8 Replies
CherylO-Xerox
Community Manager
Community Manager

Re: Phaser 7800 Xerox Generic Root CA Authority certificate expired 01-Nov-2020

Jump to solution

Hi geoffc, 

Thank you for using the Support Forum. Please take a look at the spar release table for spar releases for your product.  If this does not help please consider contacting your support centre for further assistance.

Thanks,
CherylO-Xerox
Community Manager

Be sure to click Kudos for those who have helped you.
Select Accept as Solution for posts that have helped to solve your issue(s)!

geoffc
New Member
New Member

Re: Phaser 7800 Xerox Generic Root CA Authority certificate expired 01-Nov-2020

Jump to solution

Thanks CherylO - much appreciated.

As it turns out, I had looked at the SPAR spreadsheet - scrolled down to the first entry for Phaser 7800 and with a bit of selective blindness totally ignored the following second Phaser 7800 entry that included (shaded in blue) the link to the updated firmware version 081.150.119.18804 that included updated security certificates that I was desperately after. See https://www.support.xerox.com/support/Phaser7800/firmware/file-redirect/enus.html?contentId=152612  After upgrading to this version the Xerox Generic Root CA certificate now expires on 01-Jan-2031 so plenty of time left for now. Unfortunately there was no readme file with the release to advise what other changes were made.

I also had to change the static IP address of the printer again (twice) toforce a new Device certificate to be created (once the printer time was set accurately) and now have https: comms working ok once more. I will just have to remember to force a new device certificate generation  before this time next year to avoid loss of SSL comms to the printer when the printer device certificate expires (annually) once more.

 

Geoff

0 Kudos
andymbody
Valued Contributor
Valued Contributor

Re: Phaser 7800 Xerox Generic Root CA Authority certificate expired 01-Nov-2020

Jump to solution

 

The Release Notes document you are looking for is considered Xerox Confidential (so I'm unable to provide the full document), but this is the only listed fix in the document for this version. This version date tag is July 2019, and is the latest spar available.

Unable to access CWIS after Enable SSL

 

 

 

0 Kudos
geoffc
New Member
New Member

Re: Phaser 7800 Xerox Generic Root CA Authority certificate expired 01-Nov-2020

Jump to solution

Thanks - but I am not sure you have found the correct Release Notes. They should mention replacing the Xerox Generic Root CA certificate and be date stamped in July 2021.

As far as I can tell this latest release 081.150.119.18804 was only recently built as the DLM date stamp within its zip file is 15 July 2021 plus this was also only just published in SPAR 9.45 Release table on 01 Aug 2021.

I'd look for Release Notes that reference 081.150.119.18804 and/or mention updating the Xerox Generic Root CA Certificate to be the actual release notes for this latest SPAR 9.45 Release It is possible the version you found is for an earlier release that also had issues dealing with CWIS and SSL. The main symptoms of the effect of an expired SSL certificate is that any display pages returned from CWIS are all blank.

As this latest problem only occurred starting 02 Nov 2020 any fault reports would only have started after then. Many printer admins also have installed their own SSL certificates generated by external CA certificate providers so not everyone would have been affected by this Xerox certificate expiring. As long as another current CA certificate is loaded in the printer is all that is essential. All printers on private networks would  have this problem but only if they had chosen to enable SSL.

 

Thanks to CherylO and andym for looking into this issue.

0 Kudos
andymbody
Valued Contributor
Valued Contributor

Re: Phaser 7800 Xerox Generic Root CA Authority certificate expired 01-Nov-2020

Jump to solution

 

Yes, this is the version that the release notes were from.

Xerox Confidential Only Office Technical Support Group
SPAR Release Notes
Phaser 7800 (R21-05)
Firmware Release 081.150.119.18804
Release Date: July 23, 2021 dc21rn4031

My mistake about the date. The 9 in the sw version (6th digit from the right) usually would signify the year that the sw version was released (2019). But for some reason, this date-code convention was not followed on this particular release (maybe an oversite). The 9 would normally be a 1 to signify 2021. They will probably correct this in the next release. Sorry for the confusion.

If the moderators of this site will provide permission for me to upload the Release Notes, I will be happy to do so. I just don't want to over step my position here or release something that may not be allowed.

Moderators?

Andy

 

0 Kudos
geoffc
New Member
New Member

Re: Phaser 7800 Xerox Generic Root CA Authority certificate expired 01-Nov-2020

Jump to solution

Thanks for the explanation - that clears up the 2019 2021 confusion at least.

Even if you are not premitted to publish the Release Notes - I still am at a loss to understand why a publically issued  SPAR Firmware Release would categorise the associated Read Me/Release Notes as Xerox Confidential effectively preventing the implementers of said release from reading them.

Is there anything in the Release notes that you feel would warrant a Confidential category ?

The other aspect about this particular SPAR Release is that it states:

No security fixes incorporated in this release. Please see the Read Me document.

How are we meant to possibly do that if the Read Me is classified Xerox Confidential ? This might just be a mistake with the document classification - especially if there is nothing in there of a "sensitive" nature.

0 Kudos
andymbody
Valued Contributor
Valued Contributor

Re: Phaser 7800 Xerox Generic Root CA Authority certificate expired 01-Nov-2020

Jump to solution

 

I agree Geoff.

I'm unable to share the Confidential release notes, but...

this document

may be the readme file that you are looking for...

Andy

 

geoffc
New Member
New Member

Re: Phaser 7800 Xerox Generic Root CA Authority certificate expired 01-Nov-2020

Jump to solution

That's fine - it is not that important and the original problem is solved now anyways.

That does look like the Read Me - and the lack of Release Notes included within the Zip file may be due to either it was an oversight or the document is as you found Xerox Confidential in which case it would probably need to be excluded from the zip.

I looked back at some of the earlier release firmwares I've needed for the printer - only the Bridge Upgrade DLM has proper Xerox Release Notes - whereas the other more recent versions only have just the install instruction.

0 Kudos