CUPS - USB printer and TLS vs plain HTTP

Add-Ons
1

Hi,

I used CUPS for more than couple of years in IPFire and never had problems.
But there are some grey areas that might help me (&others) in these times when we have to print papers in order to exit homes…

Here it goes:
[1]I have replaced one USB Xerox printer with pretty much a similar model (driver is the same). How can I tell CUPS to rebuild the Connection parameter → I need to keep the printer as it is, just change the connection address. Manually is also fine -if somebody tells me the connection string, I know the config file.

Connection: usb://Xerox/Phaser%203040?serial=3179120738

That is located in /var/ipfire/cups/printers.conf : DeviceURI definition.

[2] My printers were setup when IPFire did not enforced HTTPS/TLS. And these printers (printing) still work over HTTP!
But I saw that wiki states to use HTTPS.

Question: will it be OK if I use the digital certificate from /etc/httpd to cups also? The RSA httpd certificate to be precise.
I mean, if I symlink /var/ipfire/cups/ssl/ files to the ones in /etc/httpd/ will work?
Those in /etc/httpd are from an Registered Root Authority and will not generate any errors to clients checking the digital certificate used by cups.
More: my personal Apache init script does take care of creating new certificates from the registered CA in /etc/httpd/ if those are expired (or about to expire in 7 days)…

Thanks!
H&M

2

A to [1] - I don’t believe you can change the connection address of a printer, from WUI. You need to add the new printer, from scratch. Optionally then delete the old printer. Manually editing the printers.conf file, even with cups stopped, is deprecated by cups maintainers.

A to [2] - I’m not certain what will apply because I print from neither Windows nor Mac. At the workstation end, if you can’t edit existing devices to use ipps protocol & https URL , then you are faced with creating new “printer devices”.

I can’t answer the question re digital certificate - perhaps it will “just work”. From https://localhost:631 on a workstation, the user is asked to accept the print server’s certificate - that might need to be done each session.

3

Just tested this - I copied the certificates from HTTPD to /var/ipfire/cups/ssl/ : everything works fine, accessing CUPS URL now show trusted certificate (HTTPD certificate is from a trusted ROOT).

Thanks!
H&M