heiko-s

Solved!

HP DreamColor Z27x G2 - not able to create / install client certificate

HP DreamColor Z27x G2
Linux

The HP DreamColor Z27x G2 screen allows for managing the display via https. To do so, one has to create and install several TLS certificates. I've followed the instructions of the "Remote Management setup for HP DreamColor Z31x/Z27xG2 Display" manual to the point, but the client certificate is always rejected.

I use openssl on Linux to create the self-signed CA certificate that is required. Here are the steps from the HP instructions:

openssl genrsa -out ca.key 2048

openssl req -new -key ca.key -out ca.csr

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out serverCA.crt

openssl genrsa -out client.key 2048

openssl req -new -key client.key -out client.csr

openssl x509 -req -days 365 -in client.csr -signkey ca.key -out client.crt

openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

Note that the above command gives an error:

No certificate matches private key

 

I've tried everything, to no avail. The above command works fine when I specify ca.key as the -inkey. But then the display refuses that client.p12 file with an error.

I've repeated the instructions several times, and have also shortened or modified the steps. But the monitor would not install the client certificate.

Note that I have successfully created and installed the server certificates, in a similar way using openssl.

 

Please help!

Accepted Solutions
heiko-s

I found the solution. Here are the steps that differ from the instructions in the manual:

Create PKCS#12 document from the client private key and signed certificate

 

openssl pkcs12 -export -clcerts -out client.p12 -inkey ca.key -in client.crt

 

Note the -inkey ca.key !!!

Copying this key to the screen using a USB stick doesn't work. The screen/server correctly identifies the client.p12 file when zipped into ClientCertificate.zip, but installing it using the OSD fails with an error.

What did work is the following:

1. Connect to the HP screen / remote management server via web browser using http://

2. Select "Monitor Profile" from the "DreamColor Remote Access" drop-down menu.

3. Under "Certificates" there should already be a client certificate issued by HP. In any case, click "Add" and upload your own client.p12 certificate. If necessary, confirm overwriting the existing client certificate.

4. Follow the instructions in the "Remote Management setup for HP DreamColor Z31x/Z27xG2 Display" technical white paper on how to install the client.p12 certificates in your browser.

5. Enable https via OSD.

6. When connecting to the remote management server in the HP DreamColor screen, your browser will of course complain about the self-signed certificate. Just click Advanced or whatever and confirm that you know what you are doing and that you wish to connect. That's it.

 

Hope someone at HP reads this and has HP fix the documentation.
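
Added example, not part of the original post or HP's manual: a shell check of why the manual's commands end in "No certificate matches private key". `-signkey ca.key` self-signs the request and puts ca.key's public key into the certificate, whereas `-CA`/`-CAkey` issues a certificate that keeps client.key's public key; whether the display accepts that certificate was not tested here. The scratch directory, `-subj` values, output file names and export password are constructed.

```shell
#!/bin/sh
# Added example: file names, -subj values and the password are constructed.
set -eu
W=$(mktemp -d)   # scratch directory

# SHA-256 of the public key in certificate $1 / behind private key $1.
cert_pub() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }
key_pub()  { openssl pkey -in "$1" -pubout | openssl sha256; }
# True only when certificate $1 carries the public key of private key $2.
cert_matches_key() { [ "$(cert_pub "$1")" = "$(key_pub "$2")" ]; }

# Keys, CSRs and CA certificate as in the quoted steps (-subj avoids prompts).
setup() {
  openssl genrsa -out "$W/ca.key" 2048 2>/dev/null
  openssl req -new -key "$W/ca.key" -subj "/CN=Example CA" -out "$W/ca.csr"
  openssl x509 -req -days 365 -in "$W/ca.csr" -signkey "$W/ca.key" \
    -out "$W/serverCA.crt" 2>/dev/null
  openssl genrsa -out "$W/client.key" 2048 2>/dev/null
  openssl req -new -key "$W/client.key" -subj "/CN=Example client" \
    -out "$W/client.csr"
}

# The manual's step: -signkey self-signs and embeds ca.key's public key.
sign_as_in_manual() {
  openssl x509 -req -days 365 -in "$W/client.csr" -signkey "$W/ca.key" \
    -out "$W/manual.crt" 2>/dev/null
}

# CA-issued certificate: keeps the CSR's public key, signed with ca.key.
sign_with_ca() {
  openssl x509 -req -days 365 -in "$W/client.csr" -CA "$W/serverCA.crt" \
    -CAkey "$W/ca.key" -CAcreateserial -out "$W/issued.crt" 2>/dev/null
}

# Bundle certificate $1 with client.key; fails when the two do not match.
export_p12() {
  openssl pkcs12 -export -clcerts -in "$1" -inkey "$W/client.key" \
    -out "$W/client.p12" -passout pass:example 2>/dev/null
}

setup; sign_as_in_manual; sign_with_ca
for c in manual issued; do
  for k in ca client; do
    if cert_matches_key "$W/$c.crt" "$W/$k.key"; then r=match; else r="no match"; fi
    echo "$c.crt vs $k.key: $r"
  done
done
```

Only the CA-issued certificate matches client.key, so only it exports to PKCS#12 with `-inkey client.key`. A client.p12 built with `-inkey ca.key` carries the CA's private key to every machine that imports it.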
