Epson TM-T88V-i SSL 证书问题 [英] Epson TM-T88V-i SSL Certificate issue

问题描述

我有一台 Epson TM-T88V-i 收据打印机，我使用 Epson 的 E-pos Javascript 库进行打印.我一直在使用以下 URL 打印到连接到本地网络的打印机

http://192.168.1.105/cgi-bin/epos/service.cgi?devid=local_printer&timeout=60000

这在我的应用程序不安全的情况下运行良好，但我现在已经在我的主域上安装了一个证书以保护它免受受信任的 CA 的安全，并且在我打印到打印机的安全 URL 时遇到了问题 https://192.168.1.105/cgi-bin/epos/service.cgi?devid=local_printer&timeout=60000 它破坏了我主域的安全性 - 标记该站点不安全并跨越 HTTPS红色，因为它正在加载带有证书错误的内容.

当我检查打印机生成的自签名证书时，它有以下问题:

<块引用>

证书 - 缺少主题备用名称此站点不包含主题备用名称扩展名包含域名或 IP 地址.

<小时><块引用>

证书 - 丢失 此站点缺少有效的、受信任的证书(网络::ERR_CERT_AUTHORITY_INVALID).

我已尝试将证书添加到我信任的证书颁发机构，但这没有用.

我已按照 Epson 自己的指南使用 OpenSSL 创建证书，但我在浏览器中遇到了同样的错误.

我在谷歌上搜索了上述错误，但找不到有效的解决方案.忽略所有证书错误不是一个选项，因为这适用于实时生产环境.我已启用 Allow invalid certificate for resources 从 localhost 加载，但这也不起作用.

如果我需要购买证书，我会但不知道 CA 是否可以在没有签名请求的情况下颁发证书

任何帮助将不胜感激

解决方案

这是我遵循本指南最终开始工作的配置.感谢 Mark Farrugia 指出将 altNames 从 DNS.0 更改为 IP.0 - 这似乎是我们的主要症结

https://gist.github.com/jchandra74/36d5f8d0e1190209080p>a<预><代码>## epson.cnf#[要求]提示 = 否专有名称 = server_distinguished_namereq_extensions = v3_req[ server_distinguished_name ]通用名称 = 192.168.1.105stateOrProvinceName = mystate国家名称 = 我的国家emailAddress = myemail.email.com组织名称 = 爱普生组织单位名称 = 售前[ v3_req ]基本约束 = CA:FALSEkeyUsage = nonRepudiation、digitalSignature、keyEnciphermentsubjectAltName = @alt_names[替代名称]IP.0 = 192.168.1.105 -- 这是打印机的 IP

必须注意.我必须下载证书并将其添加到我另一台 PC 上 Chrome 自己的受信任 CA 存储中.添加后它按预期工作

I have an Epson TM-T88V-i receipt printer which I print to using Epson's E-pos Javascript library. I have been using the following URL to print to the printer which is connected to my local network

http://192.168.1.105/cgi-bin/epos/service.cgi?devid=local_printer&timeout=60000

This has run fine while my application has been unsecured but I have now installed a certificate on my main domain to secure it from a trusted CA and have been facing the issue that when I print to the secure URL for the printer https://192.168.1.105/cgi-bin/epos/service.cgi?devid=local_printer&timeout=60000 it breaks the security of my main domain - flagging the site is not secure and crossing the HTTPS in red because it is loading content with certificate errors .

When I inspect the self-signed certificate generated by the printer it has the following issues:

Certificate - Subject Alternative Name missing The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.

---

Certificate - missing This site is missing a valid, trusted certificate (net::ERR_CERT_AUTHORITY_INVALID).

I have tried to add the certificate to my trusted certificate Authorities but this hasn't worked.

I have followed Epson's own guide to create a certificate using OpenSSL but I get the same error in my browser.

I have googled the above errors but just can't find a solution that works. Ignoring all Certificate errors is not an option as this is for a live production environment. I have enabled Allow invalid certificates for resources loaded from localhost and this too has not worked.

If I need to purchase certificate I will but don't know if A CA can issue one without a signing request

Any help will be greatly appreciated

解决方案

This was the config that I got to work eventually from following this guide. Thanks to Mark Farrugia for pointing out to change the altNames from DNS.0 to IP.0 - This was what seemed to be the major sticking point for us

https://gist.github.com/jchandra74/36d5f8d0e11960dd8f80260801109ab0

#
# epson.cnf
#

[ req ]
prompt = no
distinguished_name = server_distinguished_name
req_extensions = v3_req

[ server_distinguished_name ]
commonName = 192.168.1.105
stateOrProvinceName = mystate
countryName = mycountry
emailAddress = myemail.email.com
organizationName = epson
organizationalUnitName = presales

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
IP.0 = 192.168.1.105 -- this is the IP of the printer

It must be noted. I had to download the certificate and add it to Chrome's own trusted CA store on my other PC's. Once added It works as expected

这篇关于Epson TM-T88V-i SSL 证书问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！