How to automate the deployment of 802.1X printer certificates via web scraping

Daniel Krueger
2 min read · Feb 19, 2021

During my 802.1X project I learned a lot about how to deploy that layer of security. SSL certificates play an important role in it, and in this article I want to share what I learned about rolling out SSL certificates on printers in an automated way…

There are several thousand printers in the network, and at least most of them are the same model. The printer manufacturer's management suite was quite expensive, as every printer needs a license; in fact, it would have been more expensive than the 802.1X system itself for the 10k end devices currently inside the network. Besides that, it's another Windows server to license, maintain and care about. So doing without it saved literally tons of money.

Another solution was needed.

The printers' web interface is based on JavaScript, so I decided to use a combination of Python and Selenium to read and write data on the printers through scripting.

The script is designed as a class with methods to check the connectivity state of the printer, check CA cert existence, check client cert existence, deploy the CA cert, deploy the client cert and activate 802.1X. The methods can be used in any combination.

It looks for PFX certs and their data file in the file system; the path can be adjusted easily. The data file is comma-separated and is created by another PFX cert creation script, which automatically generates PFX files and a data file with date, cert name, IP, MAC and PFX password via a Windows PKI, but that is another part of the project.

A data file looks like this:
date,cert,ip,mac,password
01.01.2021–11:14:13,testprinter.testdomain.local,192.168.1.50,00:00:00:11:22:33,123456

IP, cert and password are used in the script to reach the corresponding printer and to check and deploy the needed cert and 802.1X functions. I implemented a lot of logging in order to know when and where the issue lies in case one occurs.
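A pre-flight check for a data file in the format shown above, as an added example that is not the author's script: it validates each row and rejects duplicate IPs or MACs before anything is pushed to a printer, and it keeps the PFX password out of log output. The names `PrinterRecord` and `load_records` are hypothetical, the day.month.year date order is an assumption, and the sample rows are constructed.

```python
import csv
import io
import ipaddress
import re
from dataclasses import dataclass, field
from datetime import datetime

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
FQDN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SAMPLE = """date,cert,ip,mac,password
01.01.2021–11:14:13,testprinter.testdomain.local,192.168.1.50,00:00:00:11:22:33,123456
01.01.2021–11:15:02,printer2.testdomain.local,192.168.1.300,00:00:00:11:22:34,abcdef
01.01.2021–11:16:40,printer3.testdomain.local,192.168.1.50,00:00:00:11:22:35,ghijkl
"""  # constructed rows: one valid, one with a bad IP, one reusing an IP

@dataclass(frozen=True)
class PrinterRecord:
    created: datetime
    cert: str
    ip: str
    mac: str
    password: str = field(repr=False)  # never shows up when a record is logged

def load_records(text):
    """Return (valid_records, errors); errors are (file_line, reason) tuples."""
    records, errors, seen = [], [], set()
    reader = csv.DictReader(io.StringIO(text))
    for row in reader:
        try:
            # Assumption: day.month.year; the sample has an en dash before the time.
            stamp = (row["date"] or "").replace("\u2013", "-")
            created = datetime.strptime(stamp, "%d.%m.%Y-%H:%M:%S")
            ip = str(ipaddress.ip_address(row["ip"].strip()))
            mac = row["mac"].strip().lower()
            cert = row["cert"].strip().lower()
            if not MAC_RE.match(mac):
                raise ValueError("malformed MAC")
            if not FQDN_RE.match(cert):
                raise ValueError("cert name is not a valid FQDN")
            if not row["password"]:
                raise ValueError("empty PFX password")
            if ip in seen or mac in seen:
                raise ValueError("duplicate IP or MAC")
        except (ValueError, KeyError, AttributeError, TypeError) as exc:
            errors.append((reader.line_num, str(exc)))
            continue
        seen.update((ip, mac))
        records.append(PrinterRecord(created, cert, ip, mac, row["password"]))
    return records, errors
```

Rows that fail are reported with their line number in the file, so a rollout run can skip them and log the reason without ever printing the password column.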

Deployment time is about 15 seconds for a complete 802.1X function rollout of one printer.

Conclusion:
With a little bit of effort it is possible to roll out large numbers of certificates on printers; a special management system is not needed. In my project, I implemented a Python script which deploys CA certs and client certs and activates 802.1X in some seconds. It saved a huge amount of time and money.
