
I'm trying to connect a Windows Vista client to a Lanier LD445c (scanner/copier/printer) using IPP over SSL/TLS in order to provide an encrypted channel for printing. The LD445c that I set up for testing is using a self-signed certificate and I'm using the drivers straight from the manufacturer.

Windows XP clients work fine when I set up the printer using https, but when I attempt with a Vista Enterprise client it flat out refuses to map the printer. I've done packet captures that show that the client makes a successful connection to the printer, but after a brief exchange of packets the client sends a RST.

  • Does Windows Vista support IPP over SSL/TLS?
  • If so, is there a straightforward guide that explains how to get it set up?
  • If not, what options of encrypting print jobs do I have?
Bob

1 Answer


Here's a nice blog entry describing the tribulations associated with getting IPP over SSL to work from an MSFT employee: http://blogs.msdn.com/spatdsg/archive/2007/08/08/-Putting-CAPI2-logging-to-good-use.aspx

Basically, XP didn't care about a self-signed cert on IPP resources being accessed with HTTPS, but Vista does. Surprise, surprise.

You have 3 choices:

  • Install the CA certificate used to sign the printer's cert onto your client(s) (can be published via AD - see http://technet.microsoft.com/en-us/library/cc738131(WS.10).aspx).

  • Use your own enterprise CA that your clients already trust to sign the certificate for the printer (if you have one)

  • Get a certificate from a third-party CA that the clients already trust for the printer (which seems like an expensive and bad idea)

That blog post goes thru generating a self-signed cert on a client computer. I don't have any Lanier documentation, but presumably there's somewhere in the web interface that you could upload a certificate and a private key.

Evan Anderson
  • So is mine, I've already tried importing the self-signed cert. Going to try a real cert and see what happens. – Bob Jul 24 '09 at 19:24
  • @Bob: I dropped an edit on here that has a link to a blog entry w/ more details. Have a look. – Evan Anderson Jul 24 '09 at 19:30
  • Your google-fu is strong. So it hates my self-signed cert because the CNs don't match. Good ol' Vista, protecting me from myself. I love that CAPI2 event log as well. – Bob Jul 24 '09 at 19:56
  • Thanks Evan! As always your ability to speedily answer every conceivable question is mind boggling :-) – Bob Jul 24 '09 at 19:58
  • My gut was just *screaming* "self-signed cert... Vista HATES self-signed certs" as I read the question. Glad that I was able to home in on the answer for you. (I'm working on being the Jon Skeet of Server Fault, eh?) – Evan Anderson Jul 24 '09 at 20:18
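
A way to see which of the two problems raised in this thread (an untrusted issuer, or a certificate name that does not match the printer's host name) a given client reports, as an added example that is not part of the original question or answer. The host name and port are placeholders, and the script assumes PowerShell 2.0 or later on the client.

```powershell
# Added example, not from the original answer.
param(
    [string]$PrinterHost = 'printer.example.test',  # placeholder: host name used in the https:// printer URL
    [int]$Port = 443                                 # assumption: the device serves IPP over HTTPS on 443
)

$script:report = $null

# Record what the client's validation found, then accept the certificate so
# the handshake completes. No print data is sent over this connection.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($source, $certificate, $chain, $policyErrors)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certificate
    $script:report = New-Object psobject -Property @{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)   # heuristic: subject equals issuer
        NotAfter     = $cert.NotAfter
        PolicyErrors = $policyErrors
        ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
    return $true
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($PrinterHost, $Port)
    $stream = $client.GetStream()
    $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $callback
    $ssl.AuthenticateAsClient($PrinterHost)   # the name the certificate is checked against
    $ssl.Close()
}
finally { $client.Close() }

$report | Format-List Subject, Issuer, SelfSigned, NotAfter, PolicyErrors, ChainStatus

$policy = $report.PolicyErrors
if ($policy -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch) {
    "Name mismatch: the certificate does not cover '$PrinterHost'. Reissue it for the name clients use."
}
if ($policy -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors) {
    "Chain error ($($report.ChainStatus -join ', ')): the issuer is not trusted by this client."
}
if ($policy -eq [System.Net.Security.SslPolicyErrors]::None) {
    "The certificate validates for '$PrinterHost' on this client."
}
```

Run it on the client that refuses to map the printer, since the result depends on that machine's certificate store. Running it again after applying one of the three choices in the answer shows whether the chain error has cleared.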