Greetings,
I'm in the IT department for a small regional bank. We are looking to figure out how to have our printers send secure scans to an FTPS server we have within our network. We have multiple models of Sharp Copiers, and already know that some of the models are out of date and can't be configured to do what we need.
List of the Models we have:
MX-3571, MX-M3071, MX-M3571, MX-6071, MX-4101N, MX-M623N, MX-B402SC, MX-M363N, MX-M283N, MX-MX3570, MX-M365N, MX-M6070, MX-M654N, MX-M1055, MX-M565N, MX-M754N
I'd like to narrow the troubleshooting to just a single model. The best for testing in our environment (ease of access, and existing results) is an M3071.
FTPS Server
It has an SSL cert assigned to the FTP site that uses "DigiCert Global Root CA" as it's Certificate Authority.
Ciphers are limited to a selection of highly secure ciphers that exist in the list of Ciphers the Printer knows.
TLS 1.0 and 1.1 are disabled
TLS 1.2 enabled
M3071 Printer Configuration
We tried three different configurations
Level of Encryption set to High
TLS 1.2 enabled
Uploaded 6 different CAs for DigiCert, to include the one used by FTPS to the Cerficiate Management > CA Certifcate management. However the "Purpose for use" says "Not Set".
Certs were downloaded using the DER format.
#1 Using the Desktop tab
Host: Fully qualified server name. Example: server.mycompany.com, which matches the server name the server's
Folder: simply the name of the folder under the website's root. "Folder Name" instead of say "\Folder Name" or "\Folder Name"
Credentials: Using credentials that reference a user that exists on the server itself, IE "servername\username"
Port: 990
SSL: Enabled
#2 Using the Desktop tab
Host: Fully qualified server name. Example: server.mycompany.com, which matches the server name the server's
Folder: simply the name of the folder under the website's root. "Folder Name" instead of say "\Folder Name" or "\Folder Name"
Credentials: Using credentials that reference a user that exists on the server itself, IE "servername\username"
Port: 21
SSL: Enabled
#3 Using the FTP tab
Host: Fully qualified server name. Example: server.mycompany.com, which matches the server name the server's
Folder: simply the name of the folder under the website's root. "Folder Name" instead of say "\Folder Name" or "\Folder Name"
Credentials: Using credentials that reference a user that exists on the server itself, IE "servername\username"
Port: 21 - this is default for the FTP tab
SSL: Enabled
Other Testing
Using an FTP client from my desktop, I'm able to connect to the FTPS server using port 990 or 21 and successfully upload files using the same credentials.
Test Results
#1 Error Cause: 80-0000 in the Job Log, No indication of activity on the FTPS server.
#2 Error Cause: 80-0000 in the Job Log, the last modified date of the folder is updated to the current date, however no file was received.
#3 Error Cause: 80-0000 in the Job Log, the last modified date of the folder is updated to the current date, however no file was received.
PS: Having the printers send scans using FTP without SSL enabled works just fine.
Has anyone else done this kind of configuration? Lessons learned? Anything I'm missing?
One thing I find interesting is the Purpose of the uploaded CAs on the Printer showing a status of "Not Set". We couldn't find a way to set their purpose. I downloaded the CAs from the server itself as a .CER file. The original CAs on the server are marked with purposes, to include "Server Authentication", which is what I believe I need it to be used for.
I'm in the IT department for a small regional bank. We are looking to figure out how to have our printers send secure scans to an FTPS server we have within our network. We have multiple models of Sharp Copiers, and already know that some of the models are out of date and can't be configured to do what we need.
List of the Models we have:
MX-3571, MX-M3071, MX-M3571, MX-6071, MX-4101N, MX-M623N, MX-B402SC, MX-M363N, MX-M283N, MX-MX3570, MX-M365N, MX-M6070, MX-M654N, MX-M1055, MX-M565N, MX-M754N
I'd like to narrow the troubleshooting to just a single model. The best for testing in our environment (ease of access, and existing results) is an M3071.
FTPS Server
It has an SSL cert assigned to the FTP site that uses "DigiCert Global Root CA" as it's Certificate Authority.
Ciphers are limited to a selection of highly secure ciphers that exist in the list of Ciphers the Printer knows.
TLS 1.0 and 1.1 are disabled
TLS 1.2 enabled
M3071 Printer Configuration
We tried three different configurations
Level of Encryption set to High
TLS 1.2 enabled
Uploaded 6 different CAs for DigiCert, to include the one used by FTPS to the Cerficiate Management > CA Certifcate management. However the "Purpose for use" says "Not Set".
Certs were downloaded using the DER format.
#1 Using the Desktop tab
Host: Fully qualified server name. Example: server.mycompany.com, which matches the server name the server's
Folder: simply the name of the folder under the website's root. "Folder Name" instead of say "\Folder Name" or "\Folder Name"
Credentials: Using credentials that reference a user that exists on the server itself, IE "servername\username"
Port: 990
SSL: Enabled
#2 Using the Desktop tab
Host: Fully qualified server name. Example: server.mycompany.com, which matches the server name the server's
Folder: simply the name of the folder under the website's root. "Folder Name" instead of say "\Folder Name" or "\Folder Name"
Credentials: Using credentials that reference a user that exists on the server itself, IE "servername\username"
Port: 21
SSL: Enabled
#3 Using the FTP tab
Host: Fully qualified server name. Example: server.mycompany.com, which matches the server name the server's
Folder: simply the name of the folder under the website's root. "Folder Name" instead of say "\Folder Name" or "\Folder Name"
Credentials: Using credentials that reference a user that exists on the server itself, IE "servername\username"
Port: 21 - this is default for the FTP tab
SSL: Enabled
Other Testing
Using an FTP client from my desktop, I'm able to connect to the FTPS server using port 990 or 21 and successfully upload files using the same credentials.
Test Results
#1 Error Cause: 80-0000 in the Job Log, No indication of activity on the FTPS server.
#2 Error Cause: 80-0000 in the Job Log, the last modified date of the folder is updated to the current date, however no file was received.
#3 Error Cause: 80-0000 in the Job Log, the last modified date of the folder is updated to the current date, however no file was received.
PS: Having the printers send scans using FTP without SSL enabled works just fine.
Has anyone else done this kind of configuration? Lessons learned? Anything I'm missing?
One thing I find interesting is the Purpose of the uploaded CAs on the Printer showing a status of "Not Set". We couldn't find a way to set their purpose. I downloaded the CAs from the server itself as a .CER file. The original CAs on the server are marked with purposes, to include "Server Authentication", which is what I believe I need it to be used for.
Comment