Hi @pol2020,

Welcome to HP Support Community.

Thank you for posting your query, I will be glad to help you.

It sounds like you're trying to replace the self-signed certificate used by your HP printer's Embedded Web Server (EWS) with a CA-signed SSL certificate. The challenge you're facing with email or DNS validation is common when the device is on a local network (LAN) and not accessible from the internet. Here are the steps you can follow to obtain a signed certificate and create a P12 file:

Generate CSR and Private Key: It seems you've already done this part using your HP EWS. Make sure you have both the CSR and the corresponding private key saved, as you'll need them later.

Choose a Certificate Authority (CA): Since you mentioned Comodo SSL, you can proceed with them or any other CA that offers domain validation SSL certificates. Domain validation typically requires proving control over the domain via DNS, email, or HTTP validation.

DNS Validation on Local Network: If your printer is on a LAN and does not have a publicly accessible DNS record, you might face difficulties using DNS validation in the standard way. One approach is to:

• Configure a local DNS server or modify your local hosts file to resolve a domain name to your printer’s IP address. However, note that this local setup won't be recognized by external CAs for domain validation purposes.
• A more practical approach would be to use a subdomain of a domain you own (e.g., printer.yourdomain.com) and create a DNS A record pointing to an external IP, then use port forwarding on your router to redirect traffic to your printer's internal IP during the validation process.

I hope this helps.

Take care and have a good day.

Please mark this post as “Accepted Solution” if the issue is resolved and if you feel this reply was helpful click “Yes”.

Rachel571

HP Support

Thanks, I have changed "Host Name" an "Domain Name" in EWS > Network > Network settings > Identification, I validate the certificate using Email method, I imported the certicate (*.cer) in EWS > Security > Certificate Managment > Import successfully.

but when I try to connect to "https://192.168.1.49", I have always the  Chrome browser warning : "certificate is not trusted" ?

My certificate is for a DNS and not an IP address ?

Hi @pol2020,

Thank you for your response, 

It seems like you've correctly replaced the self-signed certificate with a signed one and updated the host and domain names in the EWS settings. However, the warning you're seeing in Chrome indicates that the certificate is still not being recognized as trusted.

Certificates are typically issued for domain names (e.g., example.com) rather than IP addresses (e.g., 192.168.1.49). This is because the certificate is used to verify the identity of the server hosting the website or service, and domain names provide a more human-readable and flexible way to do this compared to IP addresses.

To resolve this issue, you should obtain a certificate that is issued for the domain name associated with your server (e.g., myserver.example.com) rather than the IP address. Once you have the correct certificate, you can install it in the EWS settings, and when users access your server using the domain name (e.g., https://myserver.example.com), they should no longer see the certificate warning in their browsers. 

I hope this helps.

Take care and have a good day.

Please click “Accepted Solution” if you feel my post solved your issue, it will help others find the solution. Click the “Kudos/Thumbs Up" on the bottom right to say “Thanks” for helping!

Alden4

HP Support