Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Absent Member.
Absent Member.
2332 views

Lexmark x852e Certificate Mgmt etc

Hello:
I am posting this in the hope that someone else out there may have some
info to assist.
Lexmark several models of MFP Multifunction Printer Devices available.
They consist of a scanner/copier/fax device connected to a laser printer.
It is possible to control ohysical access to the devices touch panel
functions like fax, copy, scan to email by requiring the intended user
to input his cn and pwd.
The device can be configured to use LDAP port 636 SSL to talk to eDir.

This has worked quite nicely in our env.
We export the TR from our CA and use the Sun java keytool.exe to import
it into a cacerts keystore used by the MFP.
The MFP can then use this cert to establish an SSL connection to our
LDAP Server.

Recently Lexmark has changed the format of the certificates its MFPs
accept e.g. x852e Model to *.PEM format.
C1 under netware does not export in *.pem format only in b64 or *.der.

Any suggestions
0 Likes
2 Replies
Absent Member.
Absent Member.

Richard,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://support.novell.com/forums/


0 Likes
Absent Member.
Absent Member.

Richard Seepaul wrote:
> Hello:
> I am posting this in the hope that someone else out there may have some
> info to assist.
> Lexmark several models of MFP Multifunction Printer Devices available.
> They consist of a scanner/copier/fax device connected to a laser printer.
> It is possible to control ohysical access to the devices touch panel
> functions like fax, copy, scan to email by requiring the intended user
> to input his cn and pwd.
> The device can be configured to use LDAP port 636 SSL to talk to eDir.
>
> This has worked quite nicely in our env.
> We export the TR from our CA and use the Sun java keytool.exe to import
> it into a cacerts keystore used by the MFP.
> The MFP can then use this cert to establish an SSL connection to our
> LDAP Server.
>
> Recently Lexmark has changed the format of the certificates its MFPs
> accept e.g. x852e Model to *.PEM format.
> C1 under netware does not export in *.pem format only in b64 or *.der.
>
> Any suggestions

Hello:
Finally something useful to post here:
Newer model Lexmark MFP (Multi function devices printer fax copy scan to
email etc) can be configured to require authentication to access touch
screen access to device functions. The authentication methods can be
chosen by the device administrator.
Previous versions of the devices had an embedded JRE 1.4.2.x
These versions required that the eDir Server Cert be exported and
imported into the JVM Keystore to support LDAP over SSL.
This process was similar to using keytool.exe to import an iPlanet Cert.
The newer models do not use an embedded jre and the keystore.
The devices are configured out of the box with defaults that work with
"Guess what Directory Service" ? SO of course you need to fix it to work
with eDir. Lexmark does not make this process easy because of not
providing customers with the information they need to easily do it.

The process for getting these to work is to:
1) export your TR Cert in b.64 format (if on netware, on Linux you can
export directly in .pem format). This is the cert associated with your
LDAP Server for authentication.
2) Import this cert as a CA for each of the MFP devices you wish to
control access to.
The url shown below allows you to see if your cert has been imported.
http://<insert your mfp ip address
here>/cgi-bin/dynamic/config/net/cert_ca_info.html


3) Configure your Lexmark MFP to point to your LDAP Server use SSL port
636 etc. The key here is that in the field for LDAP Server name you
must use the either FQDN or what ever name is associated with your
servers certificate.
4)Rename this file with a .pem extension. lexmark 852 MFP will only
accept a cert in pem format.
5) Configure the settings at this url to meet your requuirements

http://YourLexmarkMFPIpAddress/cgi-bin/dynamic/config/net/address/searchattri.html

What you choose here depends on how you want users to authenticate using
LDAP

6)test You can iMonitor DS Trace to see LDAP traces from your LDAP
Server YOu can see the LDAP Log from your Lexmark MFP at
http://YourLexMarkMFPIpAddress/cgi-bin/dynamic/config/secure/ldapLOG.html


Hope this helps anyone wanting to do this, it works quite well and
leaves us with audit trail re who scanned the sunshine girls picture and
emailed it to the CEO from the MFP.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.