Security

1) I am using Canon C2230 printer with 802.1x enabled. (This printer cannot do CSR and export cert)

2) I uploaded the Root CA into the printer (Onbard as Root CA)

3) I created and uploaded a client cert via onboard (CSR) with the username same as the printer

4) I am very sure that switchport configuration is correct because if works for other devices 

 

Any idea why am I getting the following error message? Am I doing the right way?

EAP-TLS: fatal alert by server - internal_error

eap-tls: Error in establishing TLS session

Did you upload both the Onboard and Onboard Signing cert?


Thanks,
Tim

yes, infact when i exported to p12 format and uploaded it, both the certs appears as trusted list CA in the printer. 

Is the printer running the latest firmware?
Did you give the printer the private key password?

Printers tend to have really crappy supplicants which is why most people don't do dot1X with them.


Thanks,
Tim

i am asking my client to ask his printer vendor to come down. I will ask him to upgrade to the latest firmware. Meanwhile I am just wondering if I did anything wrong or miss out on the onboard. on boarding for other devices works though. the only different is creating the user client manually. Yes, password was needed to decrypt the p12 file when I uploaded it.

Just as a point of information, I've never had a printer work correctly with 802.1X authentication.


Thanks,
Tim

Would you be able to configure it to do just MSCHAPv2/PEAP?

 

We had a Brother wireless printer that I configued to use this and it works like a champ.

I believe they had an option to ignore any certiciate warnings.

 

I know it isn't the most secure solution, but it works and seems to be pretty reliable.

Very few people have gotten a printer to do PEAP or EAP-TLS successfully..

@cappalli has shared those same sentiments.

 

It sounds like we got really lucky with the printers that we purchased.