HP Jetdirect 610n HP Jetdirect Print Servers - HP Jetdirect and SSL/TLS - Page 83

SSL/TLS Client: Certificates and Name Verification


Jetdirect verifies that R2 has signed the server’s certificate. It also verifies R2’s certificate (e.g., it has not expired and so on) and makes sure that R2’s certificate was signed by RootCA. This “walking the chain” functionality is very important for devices with limited storage space for certificates – like HP Jetdirect.

SSL/TLS Client: Certificates and Name Verification

You may remember that having “https://192.168.0.20” in the URL of the browser resulted in Internet Explorer 7 reporting a certificate problem but that “https://NPIC1F319.example.internal” ended up with everything okay. How the SSL/TLS client authenticates the SSL/TLS server is very important and is unfortunately mired in practical deployment problems. We’ll try to sort through it all!

The certificate itself has two very important fields that need to be discussed:

• Subject
• SubjectAltName

The subject field is where the Common Name is stored. What is the Common Name? Well, that is a good question since it was never really properly defined. The most likely thing for HTTPS is that it is the Fully Qualified Domain Name. Let’s look at a trace where a browser has established an HTTPS connection with the Jetdirect device. Refer to Figure 38 – Subject.
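
A sketch of the name check an HTTPS client applies to these two fields, following RFC 2818 section 3.1. This is an added example, not code from the HP document: the function names are hypothetical and the certificates are constructed dicts in the layout Python's ssl.SSLSocket.getpeercert() returns.

```python
import ipaddress

# Constructed certificates in the dict layout returned by ssl.SSLSocket.getpeercert().
CN_ONLY = {"subject": ((("commonName", "NPIC1F319.example.internal"),),)}
WITH_SAN = {
    "subject": ((("commonName", "NPIC1F319.example.internal"),),),
    "subjectAltName": (("DNS", "NPIC1F319.example.internal"),
                       ("IP Address", "192.168.0.20")),
}
SAN_WINS = {
    "subject": ((("commonName", "old-name.example.internal"),),),
    "subjectAltName": (("DNS", "NPIC1F319.example.internal"),),
}

def _same_dns_name(a, b):
    # DNS names compare case-insensitively; a trailing dot is not significant.
    return a.lower().rstrip(".") == b.lower().rstrip(".")

def cert_matches_host(cert, url_host):
    """Hypothetical helper: does the certificate identify the host from the URL?"""
    san = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(url_host)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        # IP literal in the URL: only an iPAddress SubjectAltName entry counts;
        # the Common Name is never consulted.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip
                   for kind, value in san)
    names = [value for kind, value in san if kind == "DNS"]
    if not names:
        # No dNSName entries: fall back to the Common Name in Subject.
        names = [value for rdn in cert.get("subject", ())
                 for kind, value in rdn if kind == "commonName"]
    return any(_same_dns_name(name, url_host) for name in names)

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("CN + SAN", WITH_SAN)):
        for host in ("NPIC1F319.example.internal", "192.168.0.20"):
            print(f"{label:9} https://{host}: {cert_matches_host(cert, host)}")
```

Wildcard names are not handled here; only exact matches are compared.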