Closed ghost closed 6 months ago
Hey @LauraTaylorUK,
I found this SE thread with a similar error message, but using OpenSSL instead: https://serverfault.com/questions/1121312/error-message-the-format-of-the-file-is-invalid-when-attempting-to-import-cert. It may be worth a try to remove the intermediate certificate from your printer.crt
, and then retry the original command (or maybe the --legacy
one). Simplest option to make printer.crt
contain just the leaf is to remove all but the first ----- BEGIN CERTIFICATE ----- / ----- END CERTIFICATE -----
parts.
You'll likely need to install the intermediate cert in the clients connecting to your printer too to get a successful TLS connection, because the printer won't have it available to serve it. You could also opt for manually signing a cert for the printer using the root key, so that the intermediate's not required to get a full chain.
If you indeed have to install the intermediate on your client(s), you could file a bug with HP, because servers are responsible for sending the leaf + intermediates.
Thank you for the suggestio, I've tried the above trick, I removed the intermediate certificate but that did not help, same error :(
I also tried with and without --legacy
.
I've found the same posts, which is why I upgraded to the latest firmware, mine now is 20230822.
I think this looks like an HP bug and not related to step-cli, so I'm closing this issue.
Thank you for your help.
Steps to Reproduce
I own an HP LaserJet MFP M281 printer and I'm trying to install my own certificate.
I create a p12 PKCS#12 bundle file with:
step certificate p12 printer.pfx printer.crt printer.key --password-file=password.txt
and with the --legacy option as well:
step certificate p12 printer.pfx printer.crt printer.key --legacy --password-file=password.txt
I take the resulting
printer.pfx
file and I upload it to the HP printer, under Networking -> Certificates -> Printer Certificate -> Configure -> Import a Certificate and Private KeyBut the HP printer reports the following:
The format of the file is invalid.
(it is not clear at this point if the invalid file is the bundle .pfx file or the certificate/key pair)
Your Environment
step
CLI Version - Smallstep CLI/0.25.1 (linux/amd64)Expected Behavior
I would expect the HP printer to accept the certificate bundle.
Actual Behavior
Error:
The format of the file is invalid.
Additional Context
(it is not clear at this point if the invalid file is the bundle .pfx file or the certificate/key pair)
this happens with firmware 20230822.
With the 2021 firmware, the file was accepted without error but was never installed/used, the printer would still use its own self-signed certificate. Sometimes it would install fine and be used for about a day, but then overnight it would revert back to the self-signed certificate.
Thank you.
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).