Learn how to use the Embedded Web Server (EWS) to install, view, and manage certificates.
Learn how to install and configure security certificates.
Use the Certificate Management page to manage certificates for identification of the printer on a network and to encrypt data used by the printer.
The printer comes with a self-signed identity certificate and a self-signed Certificate Authority (CA) certificate. The printer also comes with three Root CA Certificates from popular Certificate Authorities. These Root CA Certificates can be used to authenticate popular email services including Gmail, Yahoo, and MS Office 365.
Certificates are managed from the Security tab > Certificate Management page of the EWS. The Certificate Management page contains the following tabs:
Certificate tab – Use to import, view details, remove, export, and use for e-mailing signing with certificates
Certificate Validation tab – Use to disable or enable validation of Kerberos server certificates with either the OCSP or CDP validation
The printer supports the following import formats for certificates:
.DER (binary)
.CER (binary or Base64)
.PEM (Base64, installs single certificate)
.PFX (identity certificate)
.P7B (CA certificates only)
Learn how to create or install security certificates.
Use this feature to create a new, self-signed identity certificate for the printer. A self-signed identity certificate is installed on the printer by default for data-encryption purposes only. Self-signed identity certificates are not accepted for authentication since they are not issued by a trusted Certificate Authority (CA).
To create an identity certificate signed by a CA, see the following sections on creating a certificate signing request (CSR) and installing an identity certificate from a CSR.
Creating a new, self-signed certificate overwrites and replaces the existing self-signed certificate on the printer.
Using the top navigation tabs, click Security.
In the left navigation pane, click Certificate Management.
Click Create... in the Create New Self-Signed Certificate area.
Enter the identifying information for the printer in the Identifying Information area.
Select an encryption key length in the RSA Key Length: drop-down menu in the Key Options area.
If the Trusted Platform Module (TPM) is installed, the private key may be marked as exportable. However, if Mark private key as exportable is selected, the private key will not be generated on the TPM.
Select a signature algorithm from the Signature Algorithm drop-down menu in the Signature Algorithm area.
Enter the validity period for the certificate in the Certificate Validity area. The default validity period is five years from the system date at creation time.
Click OK to go to the new, self-signed certification confirmation page. To return to the main Certificates page without updating the current, signed certificate, click Cancel.
Use the following steps to create a certificate signing request.
Using the top navigation tabs, click Security.
In the left navigation pane, click Certificate Management.
Click Create... in the Create Certificate Signing Request area.
Enter the identifying information for the organization to which the certificate will be issued in the Identifying Information area.
Select an encryption key length for the requested certificate in the RSA Key Length: drop-down menu in the Key Options area.
If the Trusted Platform Module (TPM) is installed, the private key may be marked as exportable. However, if Mark private key as exportable is selected, the private key will not be generated on the TPM.
Select a signature algorithm for the requested certificate from the Signature Algorithm drop-down menu in the Signature Algorithm area.
Click OK to proceed to the Create Certificate Signing Request confirmation page.
Copy, or save to a file, the contents of the certificate signing request on the Create Certificate Signing Request confirmation page. The contents of the certificate signing request must be presented to a CA to complete the request process.
Use this to install an identity certificate created from a CSR.
Using the top navigation tabs, click Security.
In the left navigation pane, click Certificate Management.
Select Install Identity Certificate from CSR.
Click Browse next to the Choose File field.
Locate the certificate for import, and then click Open.
Click Install.
Use the following steps to import an identity certificate.
Using the top navigation tabs, click Security.
In the left navigation pane, click Certificate Management.
Select Import Identity Certificate with Private Key.
If Trusted Platform Module (TPM) is installed, HP recommends creating and using a certificate signed by a CA.
Click Browse next to the Choose File field.
Locate the certificate for import, and then click Open.
Click Install.
Use the following steps to install a certificate.
In the left navigation pane, click Certificate Management.
Click Browse next to the Choose File field.
Locate the certificate for import, and then click Open.
Identity type certificates, as well as Certificate Authority type certificates, are valid types for importation and use with this printer.
If the certificate has a private key (for example, a .pfx file), enter the password for the certificate in the Certificate Password field. Use the same password used to encrypt the private key.
Click Import.
Use the following information to configure the certificate validation settings in the EWS.
Use the following steps to set up OCSP certificate validation.
Certificates might need to be installed in the Certificates tab for the OCSP servers.
Using the top navigation tabs, click Security.
In the left navigation pane, click Certificate Management.
Click the Certificate Validation tab of the Certificate Management page.
Select the Perform OCSP Validation on the certificate trust chain option on the Certificate Validation tab.
Enter a URL for an OCSP server, and then click Add.
Multiple OCSP servers can be added for certificate validation. The URLs for the OCSP server(s) might be fully-qualified domain names or IP addresses.
Select the Treat Unknown certificate status as valid check box, if necessary.
Click Apply to save the settings.
Use the following steps to configure CDP certificate validation.
Using the top navigation tabs, click Security.
In the left navigation pane, click Certificate Management.
Click the Certificate Validation tab of the Certificate Management page.
Select the Perform CDP Validation on the certificate trust chain option on the Certificate Validation.
Click Apply to save the settings.
Use the following information to manage security certificates using the EWS.
Use the Certificate Management page to manage certificates for identification of the printer on a network and to encrypt data used by the printer.
The printer comes with a self-signed identity certificate and a self-signed Certificate Authority (CA) certificate. The printer also comes with three Root CA Certificates from popular Certificate Authorities. These Root CA Certificates can be used to authenticate popular email services including Gmail, Yahoo, and MS Office 365.
Certificates are managed from the Security tab > Certificate Management page of the EWS. The Certificate Management page contains the following tabs:
Certificate tab – Use to import, view details, remove, export, and use for e-mailing signing with certificates
Certificate Validation tab – Use to disable or enable validation of Kerberos server certificates with either the OCSP or CDP validation
The printer supports the following import formats for certificates:
.DER (binary)
.CER (binary or Base64)
.PEM (Base64, installs single certificate)
.PFX (identity certificate)
.P7B (CA certificates only)
Refer to the following information to manage the installed security certificates using the EWS.
The following procedures may also be performed from the Authorization page of the Networking tab.
Use the following steps to view the details of a certificate.
Using the top navigation tabs, click Security.
In the left navigation pane, click Certificate Management.
Select a certificate from the Certificates area.
Click View Details.
Use the following steps to remove a certificate.
Using the top navigation tabs, click Security.
In the left navigation pane, click Certificate Management.
Select a certificate from the Certificates area.
Click Remove....
Confirm the removal operation in the warning dialog box that displays.
Use the following steps to export an identity certificate.
Using the top navigation tabs, click Security.
In the left navigation pane, click Certificate Management.
Select a certificate from the Certificates area.
Click Export... .
When exporting an identity certificate on printers with firmware earlier than v23.4 using the Security > Certificate Management area, only the public key is exported. A private key can be exported with a certificate on printers with firmware earlier than v23.4 from the Networking > Authorization area.
When exporting an identity certificate on printers with firmware v23.4 or later, note the following:
Only the public key can be exported for TPM-protected private keys.
Private keys (for identity certificates) marked as exportable during import or generation require a password to be set when exporting.
Use the following steps to use a certificate for email signing.
Using the top navigation tabs, click Security.
In the left navigation pane, click Certificate Management.
Select the certificate from the Certificates area.
Click Use for E-mail Signing.
If Use for E-mail Signing is grayed out, the selected certificate cannot be used for email signing or is already selected for email signing.
Learn how to manage the installed remote app certificates.
The Manage Remote Apps page is available only for printers that have FutureSmart 4 with firmware version 4.5 or later. Use the Manage Remote Apps page to install and manage the certificates for the remote apps that are available on mobile devices. When a certificate is installed, the remote app is added to a whitelist that allows it to be used on the printer.
The printer supports the following import formats for certificates:
.DER (binary)
.CER (binary or Base64)
.PEM (Base64, installs single certificate)
Use the following steps to view the details of a remote app certificate.
Using the top navigation tabs, click Security.
In the left navigation pane, click Manage Remote Apps.
Select a certificate from the Registered Remote App Certificates area.
Click View Details.
Use the following steps to remove a certificate.
Using the top navigation tabs, click Security.
In the left navigation pane, click Manage Remote Apps.
Select a certificate from the Registered Remote App Certificates area.
Click Remove....
Confirm the removal operation in the Confirmation Page that appears by clicking the Delete button.
Use the following steps to export a certificate.
Using the top navigation tabs, click Security.
In the left navigation pane, click Certificate Management.
Select a certificate from the Registered Remote App Certificates area.
Click Export....