HP MFP Digital Sending Software (DSS) 5.0 - Security Features

When server certificate validation is enabled for DSS as a whole, it can be disabled for specific servers or
devices by adding them to the Server / Device exception list.
When a Remote Configuration Utility (RCU) is in use, it must be treated as a server when server
certificate validation is enabled. Although the RCU is usually the client in communications with the
DSS service it manages, the DSS service occasionally initiates communication back to the RCU; in
those exchanges the service is the client and the RCU is the server. Therefore, if an RCU is used
while server certificate validation is enabled, either the DSS certificates from the RCU computer
must be loaded onto the computer running the DSS service, or the computer that runs the RCU must be
added to the Server / Device Exceptions list in the user interface shown above.
Note that server certificate validation can be exempted for all devices as a group when
communicating with devices. Properly configuring devices for server certificate validation with DSS
can be very time consuming: new certificates must be created for, and loaded onto, each device, and
the CA that creates those certificates must be loaded on the DSS server. Only extremely
security-conscious customers will want to do this for their fleet of devices, so a checkbox is
provided to exempt all devices at once instead of adding them to the exempt list one at a time.
How to properly configure a device and DSS for server certificate validation is discussed in more
detail later in this document.
The UI shown above does not control server certificate validation for three communication channels:
- For SSL / TLS communication between the DSS service and the DSS database, server certificate
validation is always on. Communication with the database is discussed in more detail later in
this paper.