Post new question
Top Student
Posts: 5
Member Since: ‎03-18-2013
Message 1 of 11 (7,156 Views)

m4345 mfp smtp ssl issues



Running the latest version of the firmware (20121220 48.272.0) but clearly the implementation of "SSL Support for SMTP" isn't adequate for today's world. I am posting in hopes for others to save themselves time and grief while getting this to work specifically with Google Apps (or GMail).


To recap, tried to interface the printer with Google Apps using SSL. As per Google, you have two options - one is to use SSL authentication which permits you to authenticate to their services and scan-to-email to any valid email address or to use regular SMTP and only send to other Google Apps or GMail address. The non-SSL works fine, you just point to on port 25 and you are done.


The SSL option is what causes a lot of grief as the hp mfp throws errors of either Unknown CA or Unknown Certificate as per Wireshark.


The setup is relatively easy in theory, point to, checkmark "Enable SSL Support for SMTP" and either use port 465 (SSL) or 587 (STARTTLS).


Port 465 doesn't work at all. I don't think the mfp knows that it has to establish an SSL connection on port 465 and it just keeps sending packets to the remote host without success. So scratch getting port 465 to work at all.


Port 587 was more promising. The "Test" button works in the web console since the remote host responds in plain text and switches to TLS when STARTTLS is issued... and this is when all the trouble begins.


Looking at Wireshark, the devices successfully connects and sends the STARTTLS, sends a Client Hello, the remote responds in turn with a Server Hello and it sends its certificates. For it sends two certificates - one for which is issued by Google Internet Authority, and then it also sends the certificate for Google Internet Authority which is signed by Equifax Secure Certificate Authority.


This is when the mfp device throws the first error - Alert: (Level: Fatal, Description: Unknown CA). This is a farily common error in most email setups which basically means the device is not aware of the Equifax Certificate... No problem, the mfp has a Certificate Management option. I've uploaded the equifax certificate and tried again! This time the device exchanges certificates but throws a fatal Unknown Certificate error which is pretty generic. I've tried extracting (using openssl) the certificate and importing it into the device to no avail, then I tried to extract and import the Google Internet Authority certificate and again to no avail... I've had all /three/ certificates on the device which is the entire chain of certificates but clearly the mfp chokes on something else in this setup and I've had to chose the lesser frustrating route and just use the non-SSL SMTP delivery for now.


If anybody from HP is reading, it would be nice if you guys could open a problem ticket for this because it seems like all the functionality is there but clearly a bug/feature prevents this from working. It would also be nice if an option existed in the device to ignore certificate errors because what we really want is simple a secure tunnel vs verifying the chain of certificates when sending emails in 99.99% of the cases. I am certain this would resolve this issue and help many scenarios.


If needed, I can provide the wireshark captures for this.



P.S. this thread has been moved from LaserJets to Multifunction and All-in-One - Hp Forums moderator

0 Kudos
Posts: 2,026
Member Since: ‎07-08-2011
Message 2 of 11 (7,136 Views)

Re: m4345 mfp smtp ssl issues

You are not alone:



HP is not required to respond to anything posted here as this is a user to user forum.  Open an incident with HP directly for a more speedy and official response. 

My HP Enterprise Profile
My Verizon Wireless profile
If you found this post helpful then please award it a Kudo (purple thumbs up) or even better mark it as the solution : )
Master's Graduate
Posts: 1,423
Member Since: ‎10-03-2009
Message 3 of 11 (7,123 Views)

Re: m4345 MFP SMTP ssl issues

>I've tried extracting (using openssl) the certificate and importing it into the device to no avail, then I tried to extract and import the Google Internet Authority certificate and again to no avail... I've had all /three/ certificates on the device which is the entire chain of certificates


Could you please zip up and attach these three certificates and I'll check to see if "openssl verify" likes them.

Top Student
Posts: 5
Member Since: ‎03-18-2013
Message 4 of 11 (6,460 Views)

Re: m4345 mfp smtp ssl issues


Figured I'd post a quick update... HP has fixed the issues with SSL email, specifically GMail. I've updated to the latest version as of today, 20140127 48.301.7, and it works as intended. Kudos to HP for fixing the bug.


To make it work, enter as the Device's SMTP Gateway, checkmark Enable SSL Support for SMTP, use 587 for the Port, checkmark Enable SMTP Authentication and either use the Public Credentials to hardcode one username and password or Use Device User Credentials.


Note that Google Apps, paid version, also permits you now to relay email without using TLS/SSL -


This is a decent workaround for devices which only speak SMTP but it does require a paid subscription to Google Apps.

Posts: 1
Member Since: ‎07-15-2014
Message 5 of 11 (5,962 Views)

Re: m4345 mfp smtp ssl issues

I still cannot make this work following these directions.  If anyone else has had any luck getting Gmail to work with an M4345, I would really like to hear how.  I know there are two screens where you input email settings.  I think the same information gets input in both.

Top Student
Posts: 5
Member Since: ‎03-18-2013
Message 6 of 11 (5,443 Views)

Re: m4345 mfp smtp ssl issues


Indeed something seems to be broken as the test passes in the web interface but when you click on the Email button on the control panel the printer attempts to do a PTR dns lookup of the gmail server that it connected to last, here is packet trace


6390 472.918815000 DNS 87 Standard query 0x6eea PTR
6391 472.955850000 DNS 147 Standard query response 0x6eea No such name


I've replace the printer ip ( and even tried to use the google dns servers ( to no avail. If you do a test gateway from the control panel or the web interface the printer properly does a lookup of or if using the IP, it connects properly. As soon as you hit the Email button on the control panel it attempts to lookup the PTR record of the last ip from the test and when it fails, since it doesn't exists, it removes the email button.


Tried with the latest version as well to no avail. I am downgrading to a different version to check if that perhaps solves it.


As an aside, hp really ought to add some debugging codes to the panel --- It simply states that it can't find the gateway but yet the web console and the test smtp gateway from the initial setup menu on the panel works. I tire of having to mirror the port to a desktop to get any kind of clues from the device.


Top Student
Posts: 5
Member Since: ‎03-18-2013
Message 7 of 11 (5,435 Views)

Re: m4345 mfp smtp ssl issues


I've got it working by using the reverse lookup address of the IPs returned by This is using the latest firmware 48.306.1 and it also worked with earlier releases as I was testing a few things. All in all, I don't recommend using these printers with the servers as there are too many things which can do wrong and hp doesn't seem to be keen on getting it properly implemented.


I've switched the printers to using as we use them internally but they also have a free account that permits you to send 12,000 messages per month for free. It also gives you more visibility to your email as you can actually see if it hits their server and what happens to the mail after they receive it.


You could also use which offers 200 messages per month for free... Setup is pretty straightforward with either of them but I've actually tested so I can attest that it works perfectly.


For, enter as the Device SMTP Gateway, deselect Enable SSL Support for SMTP if checked, use 587 for the Port, select Enable SMTP Authentication, type in your credentials and Apply.


Only caveat is that Google Mail classifies most of the emails from mail relays as "Updates" in your inbox. So if you are using Google Mail with their new Inbox, check Updates for your digital documents.



Top Student
Posts: 5
Member Since: ‎03-18-2013
Message 8 of 11 (5,429 Views)

Re: m4345 mfp smtp ssl issues



There is only one screen where you input these settings from the web interface,


Digital Sending > E-mail Settings


The configuration for E-Mail Server under Settings is for alerts and/or autosend. If you use then you ought to be able to also use these panels to configure to receive alerts and/or the autosend functionality. It won't work however with Google unless you are using Google For Work as a paid subscriber to bypass the SSL/TLS requirements for email.



Posts: 1
Member Since: ‎11-12-2014
Message 9 of 11 (5,224 Views)

Re: m4345 mfp smtp ssl issues

@edwardk, thnx a lot, your advice regarding helped me solve a 4-hour battle with m4345!

Now it works as a charm! 

Honor Student
Posts: 3
Member Since: ‎03-25-2013
Message 10 of 11 (2,531 Views)

Re: m4345 mfp smtp ssl issues

So much for


On April 27, Mandrill became a paid MailChimp add-on. Any Mandrill accounts that weren't linked to a MailChimp account by May 11, 2016 have been disabled and can no longer be accessed. For more information, see this blog post.

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation