HP MFP Digital Sending Software (DSS) 5.0 - Security Features

In this config file, under the <appSettings> section, is the item <add key="AcceptAllSSLCertificates"
value="true" />. To enable server certificate validation, change 'true' to 'false', save the file and
restart the DSS CU. This must be done on each server that runs the Configuration Utility, including the
DSS server itself and any servers that run the CU remotely.
When server certificate validation is turned on for DSS CU <-> DSS service communication, and the CU is
running on a different server than the service, then the DSS CA certificate from the server running the
DSS service must be put into the Trusted Root Certification Authorities store on the server running the
CU.
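One way to confirm the setting on every server that runs the CU is to collect each copy of the config file and classify it. This is an added example, not HP's code: the host names and file contents are constructed, and treating the value as case-insensitive is an assumption. It also catches the case where the key was pasted with typographic quotes, which leaves the file unparseable.

```python
import xml.etree.ElementTree as ET

KEY = "AcceptAllSSLCertificates"  # appSettings key named on the page

def audit_config(xml_text):
    """Classify one CU config file: validating / accepts-all / missing / malformed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Typographic quotes pasted from a PDF or web page are not valid
        # XML attribute delimiters and make the whole file unparseable.
        if "\u201c" in xml_text or "\u201d" in xml_text:
            return "malformed", "typographic quotes found; retype with plain quotes"
        return "malformed", str(exc)
    # Assumption: compare case-insensitively so "True" is not overlooked.
    values = [e.get("value", "").strip().lower()
              for e in root.iterfind("./appSettings/add") if e.get("key") == KEY]
    if not values:
        return "missing", KEY + " not present under <appSettings>"
    if "true" in values:
        return "accepts-all", "server certificates are not validated"
    if all(v == "false" for v in values):
        return "validating", "server certificate validation is enabled"
    return "malformed", "unexpected value(s): " + ", ".join(values)

def hosts_needing_attention(configs):
    """configs maps host name -> config text; return hosts not yet validating."""
    return sorted(h for h, text in configs.items()
                  if audit_config(text)[0] != "validating")

def _cfg(body):
    return "<configuration><appSettings>" + body + "</appSettings></configuration>"

# Constructed sample data: host names and file contents are invented.
SAMPLE = {
    "dss-server": _cfg('<add key="AcceptAllSSLCertificates" value="false" />'),
    "cu-remote-1": _cfg('<add key="AcceptAllSSLCertificates" value="true" />'),
    "cu-remote-2": _cfg('<add key=\u201dAcceptAllSSLCertificates\u201d value=\u201dfalse\u201d />'),
    "cu-remote-3": _cfg('<add key="SomeOtherSetting" value="1" />'),
}

if __name__ == "__main__":
    for host, text in SAMPLE.items():
        print(host, *audit_config(text))
    print("needs attention:", hosts_needing_attention(SAMPLE))
```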
SSL / TLS communication with the SQL Server database
The SQL database used by DSS does not contain passwords that have been entered by the DSS
administrator, but it may contain sensitive information such as email addresses and folder destinations
for which the administrator may want to implement added security.
By default, DSS does not use the SSL / TLS protocols when interacting with the SQL database. To
enable SSL / TLS communication for this channel, several things must be done:
1- Create and install a certificate for the SQL Server instance and configure SQL Server to know
about and use the certificate.
2- Put the CA certificate for the SQL Server certificate on the server that is running the DSS
service (only necessary when using an external database).
3- Enable SSL / TLS communication for this channel in DSS.
Before going deeper into the instructions, there are two things that are important to understand:
- Server certificate validation is always on for communication with the SQL Server database.
- FutureSmart devices directly access the DSS database for addressing information. Since the devices
at this time are not enabled to use SSL / TLS communication with the database, the SQL Server
instance must NOT be configured to require SSL / TLS communication for all clients. Instead, the
database will be configured to use SSL / TLS if the connecting client requests it, and DSS is then
configured to request SSL / TLS communication.
Below are detailed instructions on configuring SQL Server and DSS to use SSL / TLS security. Most of the
instructions given below come from a Microsoft white paper entitled "How to enable SSL encryption for
an instance of SQL Server by using Microsoft Management Console", which can be found at:
http://support.microsoft.com/kb/316898. They have been slightly edited to tailor them to
the specific situation where DSS is the client and SQL Server is the server. If the reader wants more
information, browsing to the MS whitepaper and following its available hyperlinks may be helpful.
Step 1 - Install a certificate on the SQL Server computer with Microsoft Management Console (MMC)
To use SSL encryption, you must install a certificate on the SQL Server computer. Follow these steps to
install the certificate by using the Microsoft Management Console (MMC) snap-in.