Mac users unable to print after Apple revoked HP certificate - BleepingComputer
Apple macOS X users with HP printers are left unable to print from their computers after Apple revoked a certificate that signed HP's print drivers.
The result was print drivers being mistaken on macOS X for malware, and user complaints springing up over the weekend.
Print drivers mistook for malware
As observed by BleepingComputer, when printing a document from a MacBook running macOS Catalina (10.15.7 (19H2)) to an HP printer, the job remains in print queue but does not complete. That's because the corresponding print driver is being mistaken as malware.
Reports of macOS users with HP printers experiencing the issue emerged on Apple, HP forums, and of course, Twitter.
The problem seems to impact both macOS Catalina (10.15) and Mojave (10.14) users with HP printers.
Furthermore, the print queue shows a mysterious "Encryption credentials have expired" message.
The issue stems from Apple having recently revoked the digital certificate installed on HP's printers via XProtect.
XProtect is a feature by which Apple can prevent Mac devices from running certain applications it no longer deems trustworthy.
Apple does so by revoking the cryptographic code-signing certificates associated with these applications.
"There is no central database of certs cancelled by XProtect, there's one for each OS version it seems, and Catalina and Mojave were selected in particular. Apple chose to revoke the HP driver cert, or perhaps was asked to do so by HP," explained The Register.
How to resolve the issue?
macOS X users can resolve the issue by following a series of steps outlined below.
The advice specifically applies to HP OfficeJet models with wireless printing and the printer's web interface enabled.
- Remove the /Library/Printers/hp folder to delete any old drivers that are being incorrectly flagged as malware
- Open System Preferences on your macOS X and navigate to the Printers & Scanners area.
- Double-click on the printer and then select "Printer settings." and then click "Show Printer Web Page..."
-
Once on the printer's web page, follow the steps provided by HP's Knowledge Base to generate a new Self-Signed certificate for the device.
-
This generates a new certificate for your HP printer with 10-year validity. Ignore the "Not Secure" warning; that is typical for self-signed certificates.
-
Now return to the Printers & Scanners area, right-click (Cmd+click) on your printer and select the "Reset printing system..." option
-
This will uninstall and remove the printer from the list. Now click the "+" icon to re-add it.
-
Select the printer as it re-appears on the list. Make sure "Secure AirPrint" is selected next to the "Use" dropdown and click "Add."
You may also use the "IP" option to add the printer by its IP address should the "Bonjour" (AirPrint) connectivity fail.
You should now be able to print from applications such as your web browser and Preview seamlessly to your printer.
The "Encryption credentials have expired" message should also no longer appear in your print queue.
While SSL certificate expiry dates and revocations are essential security features, these can become a hindrance in legitimate use cases if not planned properly by the industry players.
In Apple's case, revoking HP's certificates without a heads up left very many users without a means to print and having to deal with confusing "malware" alerts.
Update, Oct 30th 2020:
Apple reached out to BleepingComputer to clarify that the revoked certificates were an action undertaken by HP:
"We unintentionally revoked credentials on some older versions of Mac drivers. This caused a temporary disruption for those customers and we are working with Apple to restore the drivers. In the meantime, we recommend users experiencing this problem to uninstall the HP driver and use the native AirPrint driver to print to their printer," said HP.
Comments
Post a Comment