0
Recently I had to fix a problem in a clients office where their "Scan to Email" function wasn't working on their Lexmark printer. A gmail account's SMTP settings had been working with SSL for several weeks prior and had recently stopped working for no apparent reason...
I called the rep and they had me manually download the SSL certs and upload them to the printer. I am by no means an expert on SSL but shouldn't the printer be directed to a certificate authority and acquire the cert that way? I have never had to download and install a cert before.
Anyway, it fixed the problem. I'm just trying to understand why, and was wondering if someone could shed some light on the issue.
Greg G
Posted 2014-05-05T09:12:24.390
Reputation: 145
The reason it stopped working was because of Heartbleed. You will have to ask Lexmark the reason you had to do this manualy. My guess it has something to do with the configuration of the network the printer is on. – Ramhound – 2014-05-05T10:46:36.157
Didn't google patch heartbleed right away? This happened a few weeks after the heartbleed news broke, and the it was working for quite a while after Google's patch without local SSL certs... – Greg G – 2014-05-05T10:50:39.157
They did indeed patch it right away. That does not mean that the printer was aware of the revocation right away though. You manually downloaded the SSL for where exactly? – Ramhound – 2014-05-05T10:57:55.103
There is an option, in the SMTP settings, to upload the ssl cert. I was provided the cert by the rep who used a linux machine and openssl to download the certs. Then he emailed them to me, I then had to uploaded them. It may be that their smtp client is so simple that you have to do this? I'm really just wondering how a normal email client handles this, how does it know where to grab the ssl cert, & is it possible this simple client is just lacking that feature? – Greg G – 2014-05-05T11:02:03.913
A normal email client on an operating system would use the certificate store of the operating system to handle this. I will be honest, if I were simply told that some certificate was Google's certificate, I wouldn't personally trust it. – Ramhound – 2014-05-05T11:10:21.360
That's what I thought, it seemed backwards, but the client needed it working ssl or not, so I thought for the time being it was better than nothing. It's interesting that the OS provides the cert. I need to read up on this some more I guess. Glad i'm not the only one who thought it was strange. – Greg G – 2014-05-05T11:14:03.593
You asked about the typical situation. The printer is an embeeded system which isn't a typical situation. It very well require this normally to be done and because of recent events Lexmark has not pushed those updates yet. Your multiple use of the word
clientis starting to confuse me :$ – Ramhound – 2014-05-05T11:22:29.713My apologies, by "client" I meant: the person/business paying me to do the work NOT the email software. I should have said "company" instead – Greg G – 2014-05-05T11:25:46.840
I had a general idea what you meant. What email software are you using. I just assumed it was a major os with a major email client. – Ramhound – 2014-05-05T11:46:29.183