Ricoh 171 SSL / TLS Certificate

**zed255** · 03-08-2018, 11:43 PM

Re: Ricoh 171 SSL / TLS Certificate

You should be able to accept the insecure connection using Chrome and get into WIM. Otherwise just change back to Ciphertext/Cleartext in User Tools.

**sandmanmac** · 03-09-2018, 12:49 AM

Re: Ricoh 171 SSL / TLS Certificate

Originally posted by StephenB

This is on a Ricoh spf 171, (long story) I created a SSL /TLS certificate putting in client info (dumb idea). Anyway now I cannot access the device thru the Web interface. Any browser blocks access to the site, a security risk.
Which memory clear will reset / clear the security settings ( now that I can no longer access the WIM)

Thanks for any ideas

This should do it:

SP5870-003
Execute
Reboot

Coincidentally, I ran accross this recently myself with a couple of machines.
I started this thread about it, and thanks to some great advice, I confirmed the solution in my final post

**slimslob** · 03-09-2018, 01:26 AM

Re: Ricoh 171 SSL / TLS Certificate

I have always used SP 5801-011 NCS (Network Control System) clear a device certificate. Why were you trying to create a certificate? Most apps and options that require certificate, such as @remote, will generate their own certificate during installation.

**sandmanmac** · 03-09-2018, 01:50 AM

Re: Ricoh 171 SSL / TLS Certificate

Originally posted by zed255

You should be able to accept the insecure connection using Chrome and get into WIM.

This is crazy! I just set up a device certificate again to play around, and you're right! On the "warning page", I was able to click on the advanced tab and either select "proceed anyway", or "add an exception" (depending on the browser) and access the WIM.
I swear that didn't work 2 months ago when I was struggling with this!

**StephenB** · 03-09-2018, 09:52 PM

Re: Ricoh 171 SSL / TLS Certificate

thank you everyone for answers, Problem solved !

**peterxu256** · 03-11-2018, 06:35 PM

Re: Ricoh 171 SSL / TLS Certificate

Originally posted by StephenB

thank you everyone for answers, Problem solved !

Yes, Problem solved quickly resulted in web browser setting, has nothing to do with the printer. the SSL/TLS certificate not working with browsers pop up warning message, it needs a thousand dollars to get Root Authority Certificate from CA top level. I met many times and give up.

**rthonpm** · 03-12-2018, 08:33 PM

Re: Ricoh 171 SSL / TLS Certificate

Originally posted by peterxu256

Yes, Problem solved quickly resulted in web browser setting, has nothing to do with the printer. the SSL/TLS certificate not working with browsers pop up warning message, it needs a thousand dollars to get Root Authority Certificate from CA top level. I met many times and give up.

The only machines I generally install certificates on are in Active Directory networks where they can generate their own devicename.domain.com certificates to be trusted in their AD. Outside of that, I try to just put the web interface to be accessible from specific machines.

**peterxu256** · 03-12-2018, 11:44 PM

Re: Ricoh 171 SSL / TLS Certificate

Originally posted by rthonpm

The only machines I generally install certificates on are in Active Directory networks where they can generate their own devicename.domain.com certificates to be trusted in their AD. Outside of that, I try to just put the web interface to be accessible from specific machines.

It has nothing to do with Windows AD.
Just like some website HTTPS, other just http.

**rthonpm** · 03-13-2018, 02:12 AM

Re: Ricoh 171 SSL / TLS Certificate

Originally posted by peterxu256

It has nothing to do with Windows AD.
Just like some website HTTPS, other just http.

I'm well aware of that. For internal networks, Active Directory offers the ability to build out an internal CA, which is why I use it for customers with AD in place as opposed to buying external certificates. If the means to build out TLS protected sites, especially for ones that only need to be on internal networks, is already in a product the majority of my customers are using, why wouldn't I use it?

Certificates from an outside provider like Digicert are best used for sites on the public Internet as opposed to something like a Web interface that only needs to be on an intranet.

One other issue with the MP 171, it can't generate a cert with a high enough encryption standard to get most broswers to say it's secure since you can't remove the old export grade ciphers from the machine.

Sent from my Classic using Tapatalk

**peterxu256** · 03-13-2018, 02:37 AM

Re: Ricoh 171 SSL / TLS Certificate

You mentioned the key points in last paragraph.
The printer for that model generated Device /site certificate useless for current website. Haven't found FREE CA certificate to input into the printer let web browser accept it as https://192.168.X.Y

**rthonpm** · 03-13-2018, 03:37 PM

Re: Ricoh 171 SSL / TLS Certificate

Originally posted by peterxu256

You mentioned the key points in last paragraph.
The printer for that model generated Device /site certificate useless for current website. Haven't found FREE CA certificate to input into the printer let web browser accept it as https://192.168.X.Y

Without a firmware upgrade coming from Ricoh that disables the export grade ciphers, there's nothing any CA can do because those older cipher versions will always be offered by the device, and as soon as a browser sees that, it's going to give you issues unless you change the config for the browser to allow it.

**peterxu256** · 03-13-2018, 03:47 PM

Re: Ricoh 171 SSL / TLS Certificate

Originally posted by rthonpm

Without a firmware upgrade coming from Ricoh that disables the export grade ciphers, there's nothing any CA can do because those older cipher versions will always be offered by the device, and as soon as a browser sees that, it's going to give you issues unless you change the config for the browser to allow it.

That's correct.

Ricoh 171 SSL / TLS Certificate

Ricoh 171 SSL / TLS Certificate

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment