emtiu · November 23, 2023 11:46
diff --git a/brothercert.sh b/brothercert.sh
 # I encountered two major difficulties when trying to import an SSL certificate into an old Brother DCP-9020CDW
 # multifunction printer:

 # First, I was unable to export the openssl `.pem` and `.key` files to pkcs in a way that allowed the printer to
 # import the certificate. I kept getting the error message "The password is not correct.", even though the password
 # was definitely correct.

 # I was exporting the certificate using:
 openssl pkcs12 -export -out brother.p12 -in brother.pem -inkey brother.key

 # Turns out, I was using OpenSSL 3.0.x, which by default exports PKCS12 with password ciphers which are too new for
 # this old printer to understand. Through StackOverflow, I found this hint: https://stackoverflow.com/a/72707736,
 # which led me to try:
 $ openssl pkcs12 -export -legacy -out brother.p12 -in brother.pem -inkey brother.key

 # This worked, and the printer was able to import the certificate.

 # HOWEVER, it turns out that this printer is so old it only supports TLS 1.0, and nothing newer.
 # Firefox was (understandably) complaining and refusing to connect. Following this advice:
 # https://support.mozilla.org/en-US/questions/1101896, I tried setting `security.tls.version.min` to `0`
 # in Firefox' `about:config`, and this worked: I could connect to the printer using SSL and the imported certificate.

 # Obviously, it's not worth the risk leaving TLS 1.0 allowed for the browser, so I ended up sticking with HTTP
 # for this printer.
	# I encountered two major difficulties when trying to import an SSL certificate into an old Brother DCP-9020CDW
	# multifunction printer:

	# First, I was unable to export the openssl `.pem` and `.key` files to pkcs in a way that allowed the printer to
	# import the certificate. I kept getting the error message "The password is not correct.", even though the password
	# was definitely correct.

	# I was exporting the certificate using:
	openssl pkcs12 -export -out brother.p12 -in brother.pem -inkey brother.key

	# Turns out, I was using OpenSSL 3.0.x, which by default exports PKCS12 with password ciphers which are too new for
	# this old printer to understand. Through StackOverflow, I found this hint: https://stackoverflow.com/a/72707736,
	# which led me to try:
	$ openssl pkcs12 -export -legacy -out brother.p12 -in brother.pem -inkey brother.key

	# This worked, and the printer was able to import the certificate.

	# HOWEVER, it turns out that this printer is so old it only supports TLS 1.0, and nothing newer.
	# Firefox was (understandably) complaining and refusing to connect. Following this advice:
	# https://support.mozilla.org/en-US/questions/1101896, I tried setting `security.tls.version.min` to `0`
	# in Firefox' `about:config`, and this worked: I could connect to the printer using SSL and the imported certificate.

	# Obviously, it's not worth the risk leaving TLS 1.0 allowed for the browser, so I ended up sticking with HTTP
	# for this printer.