Hi,
just tried the HP Printer Binding. Have got two printers, the newer one is a Color Laserjet M553.
I created the thing file, interesting: I had to add some additional routes in the firewall.
After that, instead of coming online, the Thing gives error:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
But no errors in log.
I assume this is because of a self signed certificate of the printer.
One other example of the same problem is in this thread: HP printer M554 binding error (handshake failure from javax.net.ssl) .
Was solved there by using a different binding ( snmp ).
Thank you. I found that post, but this raises the question about the hp binding…
I don’t believe there are much openHAB users creating official certificates for their printer instead using default (hp comes directly with self signed certificates)
Did you try to turn off the SSL flag?
Didn’t found it in documentation. Will look for it later.
it looks like this option was available in earlier versions but not in OH3/OH4 versions.
Hm, then there is no solution?
As long as it is related to the certificate you can try to import it into the openhab java keystore or ‘relax’ the security on OH application level by adding a java option - from security point of view this isn’t a good idea.
Import to the keystone sounds good. Will google how to do on Ubuntu. Thanks for the hint
Well, I exported the cer-File from Administration area of the printer, after that imported it to /var/lib/openhab/etc/keystore with
keytool -importcert -file /ExportedCertificate_2_22_2024.cer -keystore keystore -alias "HP"
But printer still shows error:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
EDIT: After restart openhab sometimes I got:
javax.net.ssl.SSLHandshakeException: No subject alternative names present
I think I previously used the wrong buzz word.
Instead of keystore I should have written java trust store or java cert store.
This one is stored in a lib directory in your java installation.
E.g.
/opt/jdk/zulu11.50.19-ca-jdk11.0.12-linux_aarch32hf/lib/security/cacerts or
/usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts
Those are linked to / etc/ssl/certs/java where I added the certificates too. 
Still
javax.net.ssl.SSLHandshakeException: No subject alternative names present
Which name of the printer ( just hostname or FQDN ? )is stored in the certificate and which name ( hostname, FQDN, IP ) do you use in the binding ?
Does it work if you use the same name ?
Not until yet! But can try. Will it be important to to give same alias in keystore?
Name is HP-LJ-M553.OWNDOMAIN.de in Printer.
IP is local one 10.10.10.112
Certificate is created for HP-LJ-M553.OWNDOMAIN.de
Tried with Name (label) in openhab of HP-LJ-M553.OWNDOMAIN.de
Still same issue
Tried reimported with different aliases and also mit SAN=HP-LJ-M553.OWNDOMAIN.de
No success