emtiu/brothercert.sh

## brothercert.sh
# I encountered two major difficulties when trying to import an SSL certificate into an old Brother DCP-9020CDW
# multifunction printer:

# First, I was unable to export the openssl `.pem` and `.key` files to pkcs in a way that allowed the printer to
# import the certificate. I kept getting the error message "The password is not correct.", even though the password
# was definitely correct.

# I was exporting the certificate using:
openssl pkcs12 -export -out brother.p12 -in brother.pem -inkey brother.key

# Turns out, I was using OpenSSL 3.0.x, which by default exports PKCS12 with password ciphers which are too new for
# this old printer to understand. Through StackOverflow, I found this hint: https://stackoverflow.com/a/72707736,
# which led me to try:
$ openssl pkcs12 -export -legacy -out brother.p12 -in brother.pem -inkey brother.key

# This worked, and the printer was able to import the certificate.

# HOWEVER, it turns out that this printer is so old it only supports TLS 1.0, and nothing newer.
# Firefox was (understandably) complaining and refusing to connect. Following this advice:
# https://support.mozilla.org/en-US/questions/1101896, I tried setting `security.tls.version.min` to `0`
# in Firefox' `about:config`, and this worked: I could connect to the printer using SSL and the imported certificate.

# Obviously, it's not worth the risk leaving TLS 1.0 allowed for the browser, so I ended up sticking with HTTP
# for this printer.
	# I encountered two major difficulties when trying to import an SSL certificate into an old Brother DCP-9020CDW
	# multifunction printer:

	# First, I was unable to export the openssl `.pem` and `.key` files to pkcs in a way that allowed the printer to
	# import the certificate. I kept getting the error message "The password is not correct.", even though the password
	# was definitely correct.

	# I was exporting the certificate using:
	openssl pkcs12 -export -out brother.p12 -in brother.pem -inkey brother.key

	# Turns out, I was using OpenSSL 3.0.x, which by default exports PKCS12 with password ciphers which are too new for
	# this old printer to understand. Through StackOverflow, I found this hint: https://stackoverflow.com/a/72707736,
	# which led me to try:
	$ openssl pkcs12 -export -legacy -out brother.p12 -in brother.pem -inkey brother.key

	# This worked, and the printer was able to import the certificate.

	# HOWEVER, it turns out that this printer is so old it only supports TLS 1.0, and nothing newer.
	# Firefox was (understandably) complaining and refusing to connect. Following this advice:
	# https://support.mozilla.org/en-US/questions/1101896, I tried setting `security.tls.version.min` to `0`
	# in Firefox' `about:config`, and this worked: I could connect to the printer using SSL and the imported certificate.

	# Obviously, it's not worth the risk leaving TLS 1.0 allowed for the browser, so I ended up sticking with HTTP
	# for this printer.