• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Join the HP Community Solve‑a‑thon | Help Others & Share Your Solutions | Live on Zoom | 2:30 PM to 2:30 AM IST | Every Wednesday Click here to know more
Check some of the most frequent questions about Instant Ink: HP INSTANT INK, HP+ PLANS: INK AND TONER.


Check out our WINDOWS 11 Support Center info about: OPTIMIZATION, KNOWN ISSUES, FAQs AND MORE.
HP Recommended

The Embedded Web Server offers an option to generate certificate signing requests and then to upload a certificate issued by a certification authority. Unfortunately the certificate signing request generated by EWS is invalid - the version field contains the value 0x2, which is invalid for certificate signing requests - the value is required to be zero, and Certbot enforces this (as do the underlying Python libraries). This makes it impossible to generate a certificate using Certbot from the generated CSRs.

 

Also, there needs to be an option to update the certificate without going through the web interface - with all certificate authorities gradually migrating to very short renewal timeframes (about a month and a half), automation is becoming essential. There needs to be a way to upload the certificate using a command line (curl), as soon as certbot's renewal process triggers a renewal. Updating this every month is not workable.

 

It is also no longer workable to use self-signed certificates now that Chrome refuses to use them at all unless installed manually as a trusted certificate, which is tedious given the printer regenerates a new key and certificate any time the printer is restarted.

 

There seems to be an overall failure, on the part of the EWS team, to recognise and address the current and developing nature of the SSL ecosystem.

1 REPLY 1
HP Recommended

Reporting this to HP is worse than useless. The people behind the help line don't have the first clue and refuse to escalate it to engineering to get the bug fixed.  See below for an infuriating chat - just trying to report a bug that can be fixed by changing a "2" to a "0" somewhere in the code.

 

  1. 2 Jul 2026, 3:01 pm
    1. Agent said

      Hi Troy! Thanks for contacting HP Support. I’m Sage, HP’s brand-new AI assistant, powered by the latest smart technology.

      How can I help today?

      15:01
    2. You said

      The Embedded Web Server offers an option to generate certificate signing requests and then to upload a certificate issued by a certification authority. Unfortunately the certificate signing request generated by EWS is invalid - the version field contains the value 0x2, which is invalid for certificate signing requests - the value is required to be zero, and Certbot enforces this (as do the underlying Python libraries). This makes it impossible to generate a certificate using Certbot from the generated CSRs.

      Also, there needs to be an option to update the certificate without going through the web interface - with all certificate authorities gradually migrating to very short renewal timeframes (about a month and a half), automation is becoming essential. There needs to be a way to upload the certificate using a command line (curl), as soon as certbot's renewal process triggers a renewal. Updating this every month is not workable.

      It is also no longer workable to use self-signed certificates now that Chrome refuses to use them at all unless installed manually as a trusted certificate, which is tedious given the printer regenerates a new key and certificate any time the printer is restarted.

      There seems to be an overall failure, on the part of the EWS team, to recognise and address the current and developing nature of the SSL ecosystem.

      15:02
    3. Agent said

      Thank you for sharing these details about the certificate signing request issue and the need for automation in certificate updates.

      To help you further, could you please confirm which firmware version your HP Color LaserJet Pro MFP 3301fdw is currently running?

      15:03
    4. You said

      6.28.1.47-202603112313

      15:05
    5. Agent said

      Thanks for providing your firmware version.

      Have you tried any workarounds or troubleshooting steps so far regarding the certificate signing request issue?

      15:05
    6. You said

      Yes. I have spent about 6 hours on the problem.

      15:05
    7. Agent said

      I understand you've put a lot of effort into this already.

      Is there any option in your Embedded Web Server to export or import certificates using a command line or API, or is it strictly limited to the web interface?

      15:05
    8. You said

      There is no command line option - the only thing available is the web interface and it just doesn't work.

      15:06
    9. Agent said

      Thank you for clarifying that only the web interface is available and it isn’t working for your needs.

      Are you seeing any specific error messages or codes when you try to upload a certificate or generate a certificate signing request?

      15:06
    10. You said

      Yes. When I generate a certificate signing request there are error messages generated by Certbot so I cannot get a certificate. When I upload a certificate and key generated externally in PFX format, the JSON result reports error code 3938 - "This operation is not supported for the current selection"

      15:09
    11. Agent said

      It looks like your issue with certificate signing requests and certificate uploads requires assistance from an HP representative who can help further. I’ll connect you now.

      15:09
    12. Agent connected
    13. Agent said

      Hi, I am Sinchana, taking over your chat. I see our virtual assistant already gathered some information, thanks for your patience, I will take it from there.

      15:10
    14. Agent said

      In case the chat is accidentally disconnected and you still need assistance reach us again via chat during the next 24 hours at https://support.hp.com/resume-chat

      15:11
    15. Agent said

      The issue appears to be related to the printer's firmware or EWS certificate management. Let me review the available options for you.

      15:14
    16. Agent said

      Are we connected?

      15:14
    17. You said

      Yes

      15:15
    18. Agent said

      Awesome!

      15:15
    19. Agent said

      I will ask you few questions to understand the issue better.

      15:16
    20. Agent said

      Which operating system are you using, Windows/Mac?

      15:16
    21. You said

      Linux

      15:16
    22. Agent said

      Thanks for confirming.

      15:17
    23. Agent said

      Are you getting any exact error message on the printer or the computer when you are trying to print?

      15:18
    24. You said

      I don't get errors when trying to print - the issue is that I cannot get any CA validated certificate onto the device so there are only the self-signed certificates. Chrome will not accept self-signed certificates unless they are manually added and since the self-signed certificates are regenerated each time the printer is restarted. This poses an obstacle to using the embedded web server.

      15:21
    25. Agent said

      Since the Operating System is Linux, we would have to check on this.
      Please allow me couple of minutes.

      15:24
    26. Agent said

      Since you are able to access the EWS page, could you please check and confirm if the firmware is up-to-date?

      15:25
    27. You said

      Yes, it is up to date.

      15:27
    28. Agent said

      Great.

      15:27
    29. Agent said

      Is the system date and time up-to-date?

      15:27
    30. You said

      Yes

      15:28
    31. Agent said

      Alrighty.

      15:28
    32. Agent said

      Could you please check and confirm if the Web services are enabled?

      15:29
    33. You said

      Yes, all of WS-Discovery, WS-Print and WS-Scan are enabled.

      15:30
    34. Agent said

      Okay, got it.

      15:30
    35. Agent said

      Okay, no worries.
      I would have to escalate this issue to level 2. Please allow me couple of minutes, I will get back to you with an update.

      15:32
    36. Agent said

      Thanks for your patience.

      15:35
    37. Agent said

      To begin with, I would like to highlight that HP provides only limited support for Linux users. HP does not offer telephone support for Linux printing. Instead, all support is available online at the following page. https://launchpad.net/hplip. On that page, click the "Ask a question" section

      To install the HP Color LaserJet Pro MFP 3301fdw on Linux, you will need the HPLIP software. In many cases, this software may already be installed, since most major Linux distributions include it by default during installation. However, if it is not installed, it can be downloaded here.
      https://developers.hp.com/hp-linux-imaging-and-printing

      For detailed information on HPLIP installation, please refer to this page.
      More Information | hp's Developer Portal
      Additional step-by-step instructions for using the installer are also available here
      Installer Walkthrough | hp's Developer Portal

      15:36
    38. You said

      The HPLIP software is not up-to-date with current versions of Debian. I use the printer through IPP (with a small adjustment to the PPD file). Printing works fine. It is the web interface, which is independent of the client side operating system, that is defective.

      15:37
    39. Agent said

      I understand your concern. However, our support for Linux operating systems is limited. For Linux-related printer issues, I kindly request you to refer to the support link below, where you'll find the appropriate resources and guidance for your operating system

      15:41
    40. You said

      It's not a Linux related issue. It's a web interface issue. It is technically irrelevant that the web browser is running on Linux. If you think it is somehow relevant, please escalate to the next level where there will be somebody who understands this.

      15:43
    41. Agent said

      Is there anything else I can help you at the moment?

      15:45
    42. You said

      No, as long as this is escalated so that ultimately it can get back to the development team to fix the defect in the EWS.

      15:46
    43. Agent said

      My apologies, I missed your last message. Let me check what can be done to assist you further with this issue. Please stay connected while I look into it.

      15:47
    44. Agent said

      My apologies for the delay. This is taking a little longer than expected. I truly appreciate your patience while I continue to look into this for you

      15:54
    45. Agent said

      Thank you so much for your continued patience. I sincerely apologize for the delay. I'm still reviewing this internally to ensure I provide you with the most accurate information.

      16:12
    46. Agent said

      Hello Troy, are we still connected. I appreciate your patience.

      16:44
    47. Agent said

      Are we connected.

      16:47
    48. You said

      Yes

      16:48
    49. Agent said

      The link that I sent you is a dedicated HP support team which specifically works on Linux computers. I understand that the issue is specific to the EWS, but please use the link they will definitely help you further with the issue.

      16:51
    50. You said

      Which link? https://developers.hp.com/hp-linux-imaging-and-printing ? That is definitely not a link to a support team, but to an irrelevant software download.

      16:56
    51. You said

      The same is the case for https://launchpad.net/hplip

      16:57
    52. You said

      It really should not be this difficult to report a simple bug that is almost certainly a one liner (somewhere the number "2" needs to be changed to "0") and would be easily identified by the EWS development team if this were escalated to them.

      16:58
    53. Agent said

      Please allow me a few minutes to check with the relevant team.

      17:00
    54. Agent said

      Hi Troy, thanks for staying connected.

      17:14
    55. Agent said

      If you could please refer to the link I shared earlier, you'll find the steps to download the software. For Debian-based distributions, an automatic updater is also available. Please follow the instructions on the website and share screenshots of any messages or errors that appear on your screen. This will help me document the issue accurately and raise it for further review.

      17:15
    56. You said

      That's ridiculous. It has nothing at all to do with that software and the software will not even interact with the EWS. I am well familiar with that software including at times at the source code level. It just has nothing whatsoever to do with this. It's like telling me to go buy a can of cat food to try to fix this. It is quite plain that you do not have the skills to deal with this and it needs to go up to engineering. Please forward this whole chat to engineering and stop wasting my time.

      17:20
    57. Agent said

      Are you with me?

      17:20
    58. Agent said

      Are you with me?

      17:20
    59. You said

      What's more, the HPLIP product is actually no longer recommended in favour of IPP printing now, and attempting to install it has the potential to cause other problems on my system (due to it always lagging Debian releases and not being compatible with the latest releases). Telling people to install HPLIP should never be the answer to anything, let alone a problem like this which will occur no matter what client operating system the browser is running on.

      17:25
       
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.