Overview

In the default configuration, the device uses a Xerox certificate authority (Xerox CA) signed device certificate for the Embedded Web Server HTTPS connection To establish a secure connection, when a client Web browser accesses the Embedded Web Server, it verifies the validity of the HTTPS certificate Depending on the Web browser, certain characteristics of the certificate need to be accurate Inaccuracies can cause the browser to issue certificate warnings or errors. Verifying the Validity Date Ensure that the certificate is not expired or otherwise outside of the validity date range Verify the validity dates on the certificate For example: If the date known by the Web browser is outside of the validity date range, a certificate warning or error can occur. Note : Ensure that the date and time are correct on the Xerox device and on the client that is running the Web browser. Verifying the Name and IP Addresses Verify that the name and IP addresses in the certificate correspond to the values that the Web browser expects for the Embedded Web Server Verify the certificate details for the Subject Alternative Name For example: X509v3 Subject Alternative Name: DNS:printer1.sdsp.mc.xerox.com, DNS:printer1.local, DirName:/C=US/ST=Connecticut/L=Norwalk/O=Xerox Corporation/OU=Xerox Corporation/CN=tester/emailAddress=tester@testdomain.com, IP Address:10.10.10.100, IP Address:1111:0:4321:ABCD:2222:FFFF:ABCD:4321, othername: If a name or IP address used to access the Embedded Web Server is not present in the certificate, a certificate warning or error can occur. Note : The names and IP addresses in the default device certificate reflect the current configuration of the device. Establishing a Chain of Trust To trust a certificate, a Web browser requires it to come from a trusted certificate authority To establish a chain of trust for the default device certificate, ensure that the root certificate of the signing CA is installed and trusted within each browser. To determine the required CA, obtain information about the issuer from the certificate For example: Issuer: C=US, ST=New York, L=Rochester, O=Xerox Corporation, OU=Generic Root Certificate Authority, CN=Xerox Generic Root Certificate Authority If the Web browser cannot establish a chain of trust, a certificate warning or error can occur. Note : Download the Xerox Generic Root CA and install it as a trusted CA in your Web browser Installation of the Xerox Generic Root CA resolves most Web browser certificate-trust errors When the Xerox Generic Root CA is installed and trusted for one Xerox device, all Xerox devices that leverage this root certificate connect without errors Validity Not Before: May 14 18:39:04 2021 GMT Not After: Jun 15 18:39:04 2022 GMT The names are based on the following, if available: The for the device. The for the device. The for the multicast DNS name for the device. The for the device. The for the device. The for the multicast DNS name for the device. The IP addresses are based on the following addresses, if available: The IPv4 address for the device. The IPv6 addresses for the device. The IPv4 address for the device. The IPv6 addresses for the device.