cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MF735cx "Register" Certificate produces error

libove
Contributor

I am trying to register a TLS/SSL certificate in my MF735cx, to enable secure HTTP communication with the System Management HTTP interface. I have imported my organization's CA certificate successfully. I have generated a CSR successfully. My organization's CA has accepted the CSR, and has generated a Certificate.

 

However, every time I try to Register that Certificate int he MF735cx, I get:

"This page isn’t working If the problem continues, contact the site owner. HTTP ERROR 400"

.. from the System Management HTTP interface URL http://192.168.254.11/cgi/m_sec_list_csr_regist.cgi

 

Any ideas on how to figure out exactly what is causing the MF735cx to choke?

(The MF735cx firmware is up to date, as of three days ago).

 

Below is the content of the Certificate, in case someone can check to see if perhaps it exceeds the capabilities of the MF735cx?

 

Thanks,

-Jay

 

-----BEGIN CERTIFICATE-----
MIIFyDCCBLCgAwIBAgITHQAAAOk1wO7vYwG9IQAAAAAA6TANBgkqhkiG9w0BAQsF
ADBbMRMwEQYKCZImiZPyLGQBGRYDb3JnMRcwFQYKCZImiZPyLGQBGRYHZmVsaW5l
czETMBEGCgmSJomT8ixkARkWA0FEMzEWMBQGA1UEAxMNQUQzLVJFU0VUNy1DQTAe
Fw0xODA2MDcxMjA0NDVaFw0xOTA0MDMxNzIyNTlaMHYxCzAJBgNVBAYTAkVTMQ8w
DQYDVQQIEwZHaXJvbmExGDAWBgNVBAcTD1JpYmVzIGRlIEZyZXNlcjEVMBMGA1UE
ChMMRmVsaW5lcyBSIFVzMSUwIwYDVQQDExxDYW5vbk1GNzM1Y3guQUQzLkZlbGlu
ZXMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlhmAVD0KoJG
Ctx9dgL7srbaQMSSKwycbMfygffaTONB/3zeErlbWkfoxNxJFdWwf9Fe62WvFnIY
W+hwfH/JFT+3bBRUPZ4gWP8YhUJs2dmTaWi8KpswDChb0JcVW7NWqn3liAB9F1pi
aokcTDQr6PlbCS64IBgs6e4KxkilOv360lb/icK1Djk1pgxhYrLvPNZzQLGzL1i+
rQucza3ffU34i/VvF5HLJk4e5fpjYlItAEMJxRdZWCicQxnotnFVgorO9kbwR3Hg
tOCD/85qyzBlyjFoVRhPxfBZw+m0x0tGo2Tu2AyrrmoiTmEfrqQ8NgpEFFasS/5V
tUOvt+dRqQIDAQABo4ICaDCCAmQwHQYDVR0OBBYEFAms9cYdGjWfHG7XuZR2xq9Z
6Sp3MB8GA1UdIwQYMBaAFA0SH0wd6PDO2hJlwXnze4d7AzvDMIIBDwYDVR0fBIIB
BjCCAQIwgf+ggfyggfmGgbpsZGFwOi8vL0NOPUFEMy1SRVNFVDctQ0EsQ049UmVz
ZXQ4LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNl
cyxDTj1Db25maWd1cmF0aW9uLERDPUFEMyxEQz1mZWxpbmVzLERDPW9yZz9jZXJ0
aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp
YnV0aW9uUG9pbnSGOmh0dHA6Ly9SZXNldDguQUQzLmZlbGluZXMub3JnL0NlcnRF
bnJvbGwvQUQzLVJFU0VUNy1DQS5jcmwwgcYGCCsGAQUFBwEBBIG5MIG2MIGzBggr
BgEFBQcwAoaBpmxkYXA6Ly8vQ049QUQzLVJFU0VUNy1DQSxDTj1BSUEsQ049UHVi
bGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlv
bixEQz1BRDMsREM9ZmVsaW5lcyxEQz1vcmc/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29i
amVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwIQYJKwYBBAGCNxQCBBQe
EgBXAGUAYgBTAGUAcgB2AGUAcjAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAAHGM8GwyV9zRqhUhPFg4ZYd0LPi
V7G9AQWst9/qK+UYBc8x7ORI8pLW+nInVdWln5IS7+/8LoWdS6v/9lCU3FHbrhyQ
56EhXNv4qtr4qZCksgsAKqclfefiGHzdtcgdDdXvtJJzsaRxxHzNTFdPpGoFYXKY
pQ8k0vp8qyhIzjvUkiawceQiEgdOHq9CnHkBtnHDGw0J5ar7Ah7iQEauQx2kDJ67
1oUx2mP3qsXBe7IRxjIKGX/DTxJCapoS5GagsHVrxmr2S5KpGJgCChZQq7r6wfYg
mJV0ZnAGWf1XEoQ6NkUH1QMze8fCK4sCiBlu1esjbf+kKxbH6X3IgA+D1so=
-----END CERTIFICATE-----

 

 

4 REPLIES 4

Stephen
Moderator
Moderator

Hello libove!


Welcome to The Canon Community, and thank you for your inquiry!

We appreciate your participation, however we need to let you know that the Canon Community is hosted and moderated within the United States by Canon USA. We are only able to provide support for Canon products manufactured for and used within the US market.

If you live outside the United States, please CLICK HERE and select your country or region for your support needs.

You're welcome to discuss Canon products sold outside of the United States, but please be aware that you will not receive support directly from Canon USA.

I kind of figured I'd get that official reply, which is supremely disappointing because even though the i-SENSYS series MARKET is ex-US, I'm fairly sure that the (great majority of the) hardware and software and most of the issues are common.

So, hopefully, either Canon itself will willingly look into this, or someone else on the forum will have had a comparable problem (with the imageCLASS series which is the i-SENSYS' brother-line in the US) and will respond.

This is especially important because the Canon Europe websites DON'T HAVE A "Community" OPTION.

Hello libove,

its a very old question, and maybe you already have an answer. However, the webinterface of this printer is truly horrible, slow, and doesn't provide adequate error messages if something goes wrong. So maybe this helps somebody else who struggles.

This is how it worked for me to sign the CSR with our own CA using XCA (but any other tools should be just fine)

1) make sure you first import your own CA certificate through Device Management -> CA Certificate Settings. If it doesn't work without a proper error message (could not import, format is wrong, etc), make sure the file extension is pem (I just renamed my ca.crt to ca.pem and it worked)

2) generate your CSR, which results in a pem file

3) import the pem file to XCA as a CSR

4) sign it and verify that you choose TLS Server as template, update the validity properly (by default XCA only adds a year but for local network printers, often longer periods are fine), and key usage has to be minimum Digital Signature, Key Encipherment, Key Agreement (all that should be added by default)
5) export in DER format as a file with cer file extension
6) import the cer file to the Remote UI. if you get an error message, make sure that the filename is only alphanumeric characters and only 8 characters wrong e.g. "cert.cer" (otherwise you get again some non-descriptive error message and it took me some time to find out its just the filename length that is not OK)
7) if the import is successful, you can use this certificate for the Remote UI: network settings -> TLS settings -> Key and certificate ...
😎 lastly enable TLS in license/other -> Remote UI ....
9) shutdown, wait 10 seconds, start the printer again.

libove
Contributor

@PI2007 thank you for your effort, and indeed I had encountered the "certificate file name is too long" (but we won't say that in the error message) problem.

But I ran into another, fatal problem: The total size of the certificate import is too large, for certificates which are signed by CAs requiring intermediate CAs in the signing path to the root. The result of THAT was to brick my MF735cx such that a factory reset was needed to re-enable ANY network access. (The semi-successful cert upload turned OFF non-SSL/TLS access, while failing to turn ON SSL/TLS access because the machine choked on the too-large cert size. I forget whether the cert size limit was 2K or 4K, but anyway it's less than most intermediate-signed-certs-including-path-to-root). Really poor quality, Canon.

 

Announcements