Looks like I have new hobby donated by xerox (if you can avoid greedy lying xerox, do it) – fixing my printer.
This time it just suddenly stopped to work with message “Encryption credentials have expired”. Previously I saw an option ‘Create new certificate’ on printer’s web page and my assumption was that probably certificate installed on printer was expired. At least I faced with that issues on embedded hardware like BMC’s many times, I tried to click on ‘Create new certificate’ button but it didn’t helped.
Let’s say thank you to xerox engineers and launch wireshark to figure out what happened. When I tried to resume print queue I saw communication on port 631 (IPP), which I able to decode as TLS in wireshark. openssl s_client shown expired certificate. Here is no option to uppload own key and certificate, but here is an option to downloads certificate signing request under Properties->Security->Machine Digital Certificate. So, I just created CA certificate:
$ openssl req -x509 -sha256 -days 3650 -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt |
Signed it using the next config:
$ cat > ./printer.conf << EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE subjectAltName = @alt_names [alt_names] DNS.1 = printer DNS.2 = printer.local IP.1 = 192.168.1.1 EOF |
$ openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in PRINTER_request_sslCertificate.pem -out printer.crt -days 3649 -CAcreateserial -extfile printer.conf |
And uploaded to printer.
Bonus point for SAN.
6 comments on “How to fix “Encryption credentials have expired” on xerox b215”
Ahhhh crapper, but then it prompts me for the password for the printer…which I no longer know…not 1111, not the serial number…shiiiiiit.
By default password is serial number.
If not, you can reset it via maintenance mode, but password for it is 1931 instead of 1111.
Upd
1934, at least for b215
Guess it is cert expiration time, as mine just stopped working too on a Xero B210! Tried to follow your directions, but got a “PRINTER_request_sslCertificate.pem: No such file or directory” error. Thoughts?
Using an Apple computer, if that matters. Appreciate any ideas.
You need to click “Create new certificate” and choose “Certificate Signing Request”, after that you will be able to download a csr.
Ahhhh crapper, but then it prompts me for the password for the printer…which I no longer know…not 1111, not the serial number…shiiiiiit.
Anyone else stumbles across this post, here is a reddit thread I pounced on that helped me.