Hi TammyL-Xerox, I have been through all stages of support now and nobody can help or is willing to even answer some basic questions without me having to sign a contract. So I come back here and, after having verified my theory with our business printer in the company, I can narrow down my problem to the following:
Our Business WorkCentre 7830 accepts the certificate that I have created and signed with my own CA (Root CA and Intermediate CA) and correctly recognises it as a device certificate. If I use the exact same config file with only different hostnames for my local Xerox WorkCentre 6515 to create a certificate, it always puts the certificate into the Trusted Intermediate CAs category instead of registering it in the Device Certificate category in the same way as it is being registered on the WorkCentre 7830.
From my perspective clearly a problem in the firmware certificate handling.
Please help.
Hello de100671,
You can use the link below to find the number for Germany.
Worldwide Contact Page:
Hello de100671,
I see no one has responded to this post yet. So, at this point I would recommend contacting your local Xerox Support Department to speak with a Product Specialist for more assistance. Please call 1-800-821-2797 or 1-800-835-6100.
Btw, looking at the certificate, I understand the idea of a self-signed cert (CA:true). However, I want it to be false as I do not want to certify against my printer, but I want my own CA signed certificate to be the certification instance. As it is a two-level hierarchy, I had to import the CA Certificate AND the intermediate CA Certificate. I imported both and that went really smoothly. And I find the certificates where I would expect them to show up (Trusted CAs and Intermediate CAs).
So, I configured my CA like this:
    basicConstraints = CA:false
    nsCertType = server,client
    nsComment = "OpenSSL Generated Certificate"
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid,issuer:always
    keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
    subjectAltName = @alt_names

    [alt_names]
    IP.1 = xxx.xxx.xxx.xxx
    DNS.1 = xxx.xxx.xxx.xxx
    DNS.2 = xxx.xxx.xxx.xxx
Hi Cathy, thx for sharing the document. Unfortunately it does not answer my question.
If I look at the exported certificate from the printer, I see the following:
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                59:43:29:<and so on...>
            Issuer: CN = xyz_client
            Validity
                Not Before: Mar 17 07:37:36 2023 GMT
                Not After : Jun 3 07:37:36 2031 GMT
            Subject: CN = xyz_client
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:bd:4c:<and so on>...
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Key Usage:
                    Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
                X509v3 Basic Constraints: critical
                    CA:TRUE
                Netscape Comment:
                    Self Signed Certificate(System)
                X509v3 Subject Alternative Name:
                    0)..xyz_client.fritz.box...xyz_client.local
        Signature Algorithm: sha256WithRSAEncryption
        Signature Value:
            9f:80:68:<and so on>
This certificate appears in section "Device Certificates".
I generated a CSR from the menu and used this CSR to create a certificate for the printer. If I import this certificate, it appears in section "Intermediate Certificates" and looks like this:
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                21:76:61:<and so on...>
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: C = DE, ST = Nordrhein-Westfalen, O = JSITS, OU = IT Department, CN = linmint.fritz.box, emailAddress = de100671@gmail.com
            Validity
                Not Before: Mar 20 15:57:25 2023 GMT
                Not After : Apr 21 15:57:25 2024 GMT
            Subject: C = DE, ST = Somewhere, L = Rainbox, O = JSITS, OU = IT Department, CN = xyz_client.fritz.box, emailAddress = bla@blub.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:c8:23:<and so on...>
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE, pathlen:2
                Netscape Comment:
                    OpenSSL Generated Server Certificate
                X509v3 Subject Key Identifier:
                    07:8B:E2:<and so on...>
                X509v3 Authority Key Identifier:
                    keyid:7B:EA:C9:<and so on...>
                    DirName:/C=DE/ST=Somehwere/L=Rainbow/O=JSITS/OU=IT Department/CN=xyz_client.fritz.box/emailAddress=bla@blub.com
                    serial:01
                X509v3 Key Usage:
                    Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
                X509v3 Subject Alternative Name:
                    IP Address:192.168.70.73, DNS:xyz_client DNS:xyz_client.fritz.box
        Signature Algorithm: sha256WithRSAEncryption
        Signature Value:
            2e:29:ec:<and so on...>
So, my assumption is that I need to adapt the configuration file for the x509 section to be able to create a DEVICE CERTIFICATE instead of "another-category" certificate.
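Added example, not part of the thread and not Xerox's own logic: a small Python lint that reads `openssl x509 -text` output and lists the CA-style markers in a certificate intended for a device. The sample dump is constructed from the extensions quoted in the post above, the function names are hypothetical, and whether the 6515 firmware uses any of these markers to choose a category is an assumption the thread does not confirm.

```python
import re

# Constructed sample modelled on the CA-signed certificate dump in the post above.
SAMPLE_DUMP = """\
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE, pathlen:2
X509v3 Key Usage:
Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
"""

# An extension header ends in ":" or ": critical"; value lines do not.
HEADER = re.compile(r"(?:X509v3 )?(.+?):( critical)?")

def parse_extensions(dump):
    """Return {extension name: value text}; indentation is ignored."""
    exts, name, inside = {}, None, False
    for line in (raw.strip() for raw in dump.splitlines()):
        if line == "X509v3 extensions:":
            inside = True
        elif not inside or not line:
            continue
        elif line.startswith("Signature Algorithm"):
            break  # end of the extension section
        elif HEADER.fullmatch(line):
            name = HEADER.fullmatch(line).group(1)
            exts[name] = ""
        elif name:
            exts[name] = (exts[name] + " " + line).strip()
    return exts

def lint_device_cert(dump):
    """List CA-style markers found in a certificate meant for an end entity."""
    exts = parse_extensions(dump)
    bc, ku = exts.get("Basic Constraints", ""), exts.get("Key Usage", "")
    findings = []
    if "CA:TRUE" in bc:
        findings.append("basicConstraints asserts CA:TRUE")
    elif "pathlen" in bc:
        findings.append("pathlen set without CA:TRUE (RFC 5280 4.2.1.9)")
    if "Certificate Sign" in ku and "CA:TRUE" not in bc:
        findings.append("keyCertSign without CA:TRUE (RFC 5280 4.2.1.3)")
    if "CRL Sign" in ku:
        findings.append("cRLSign asserted on a device certificate")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_device_cert(SAMPLE_DUMP)))
```

Running it on the output of `openssl x509 -in cert.pem -noout -text` for both the self-signed and the CA-signed certificate shows which of these markers each one carries.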
Hello de100671,
Here is an article on managing certificates on your device.
Hi Xerox Savants,
I am trying to install a certificate that I have created with my own 2-layered Certificate Authority. I have already imported the CA and the Intermediate CA certificates and that went flawlessly. I know that my certificates work for all other servers in my network, but if I try to import the certificate for my WorkCentre 6515, it tells me the certificate would not be satisfying. So my assumption is that I need to add certain extensions to satisfy the needed certificate configuration. However, I can't find anything on the topic: How to configure a certificate for the 6515. My only option would be to "reverse engineer" the properties of a self-created and exported certificate to then adapt my CAs to cater for those. Before I do this, I'd like to ask if somebody knows what certificate properties need to be there.