-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
- HP Community
- Desktops
- Desktop Video, Display and Touch
- HP DreamColor Z27x G2 - not able to create / install client ...
Create an account on the HP Community to personalize your profile and ask a question
12-29-2020 09:03 AM
The HP DreamColor Z27x G2 screen allows for managing the display via https. To do so, one has to create and install several TLS certificates. I've followed the instructions of the "Remote Management setup for HP DreamColor Z31x/Z27xG2 Display" manual to the point, but the client certificate is always rejected.
I use openssl on Linux to create the self-signed CA certificate that is required. Here are the steps from the HP instructions:
openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out serverCA.crt
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr
openssl x509 -req -days 365 -in client.csr -signkey ca.key -out client.crt
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
Note that the above command gives an error:
No certificate matches private key
I've tried everything, to no avail. The above command works fine when I specify ca.key as the -inkey. But then the display refuses that client.p12 file with an error.
I've repeated the instructions several times, and have also shortened or modified the steps. But the monitor would not install the client certificate.
Nate that I have successfully created and installed the server certificates, in a similar way using openssl.
Please help!
Solved! Go to Solution.
Accepted Solutions
12-30-2020 12:41 PM - edited 12-30-2020 12:44 PM
I found the solution. Here are the steps that differ from the instructions in the manual:
Create PKCS#12 document from the client private key and signed certificate
openssl pkcs12 -export -clcerts -out client.p12 -inkey ca.key -in client.crt
Note the -inkey ca.key !!!
Copying this key to the screen using a USB stick doesn't work. The screen/server correctly identifies the client.p12 file when zipped into ClientCertificate.zip, but installing it using the OSD fails with an error.
What did work is the following:
1. Connect to the HP screen / remote management server via web browser using http://
2. Select "Monitor Profile" from the "DreamColor Remote Access" drop-down menu.
3. Under "Certificates" there should already be a client certificate issues by HP. In any case, click "Add" and upload your own client.p12 certificate. If necessary, confirm overwriting the existing client certificate.
4. Follow the instructions in the "Remote Management setup for HP
DreamColor Z31x/Z27xG2 Display" technical white paper on how to install the client.p12 certificates in your browser.
5. Enable https via OSD.
6. When connecting to the remote management server in the HP DreamColor screen, your browser will of course complain about the self-signed certificate. Just click Advanced or whatever and confirm that you know what you are doing and that you wish to connect. That's it.
Hope someone at HP reads this and have HP fix the documentation.
12-30-2020 12:41 PM - edited 12-30-2020 12:44 PM
I found the solution. Here are the steps that differ from the instructions in the manual:
Create PKCS#12 document from the client private key and signed certificate
openssl pkcs12 -export -clcerts -out client.p12 -inkey ca.key -in client.crt
Note the -inkey ca.key !!!
Copying this key to the screen using a USB stick doesn't work. The screen/server correctly identifies the client.p12 file when zipped into ClientCertificate.zip, but installing it using the OSD fails with an error.
What did work is the following:
1. Connect to the HP screen / remote management server via web browser using http://
2. Select "Monitor Profile" from the "DreamColor Remote Access" drop-down menu.
3. Under "Certificates" there should already be a client certificate issues by HP. In any case, click "Add" and upload your own client.p12 certificate. If necessary, confirm overwriting the existing client certificate.
4. Follow the instructions in the "Remote Management setup for HP
DreamColor Z31x/Z27xG2 Display" technical white paper on how to install the client.p12 certificates in your browser.
5. Enable https via OSD.
6. When connecting to the remote management server in the HP DreamColor screen, your browser will of course complain about the self-signed certificate. Just click Advanced or whatever and confirm that you know what you are doing and that you wish to connect. That's it.
Hope someone at HP reads this and have HP fix the documentation.
Didn't find what you were looking for? Ask the community