Apple macOS X users with HP printers cannot print from their computer after Apple revokes a certificate signing the HP print drivers.
The result was that the print drivers on macOS X were mistaken for malware and user complaints cropped up over the weekend.
Print drivers mistaken for malware
As observed by BleepingComputer, when printing a document from a MacBook running macOS Catalina (10.15.7 (19H2)) to an HP printer, the job remains in the queue but does not complete . This is because the corresponding print driver is mistaken for malware.
Reports of macOS users with HP printers experiencing the issue have appeared on Apple, the HP forums and, of course, Twitter.
The issue appears to impact macOS Catalina (10.15) and Mojave (10.14) users with HP printers.
Additionally, the print queue displays a mysterious “Encryption credentials has expired” message.
The problem stems from the fact that Apple recently revoked the digital certificate installed on HP printers through XProtect.
XProtect is a feature whereby Apple can prevent Mac devices from running certain applications that it no longer deems trustworthy.
Apple does this by revoking the cryptographic code signing certificates associated with those apps.
“There is no central database of certificates revoked by XProtect, there is one for each version of the operating system it seems, and Catalina and Mojave were selected in particular. Apple chose to revoke the HP driver certificate, or maybe he was asked to do so by HP “explained The register.
How to solve the problem?
MacOS X users can resolve the issue by following a series of steps outlined below.
The advice applies specifically to HP OfficeJet models with wireless printing and the printer’s web interface enabled.
- Delete the / Library / Printers / hp folder to remove any old drivers that are incorrectly marked as malware
- Open System Preferences on your macOS X and go to Printers and scanners zoned.
- Double-click on the printer, then select “Printer Settings”. then click on “Show printer web page …”
Once on the printer’s web page, follow the steps provided by the HP Knowledge Base to generate a new self-signed certificate for the device.
This generates a new certificate for your HP printer with a validity of 10 years. Ignore the “Not secure” warning; this is typical for self-signed certificates.
Now come back to the Printers and scanners zone, right click (Cmd + click) on your printer and select the “Reset the printing system … ” option
This will uninstall and remove the printer from the list. Now click on the “+” icon to add it.
Select the printer as it reappears in the list. Make sure “Secure AirPrint” is selected next to the “Use” drop-down list and click “Add”.
You can also use the “IP” option to add the printer by its IP address if the “Bonjour” (AirPrint) connectivity fails.
You should now be able to print from applications such as your web browser and Preview seamlessly on your printer.
The message “Encryption credentials have expired” should no longer appear in your print queue.
While SSL certificate expiration dates and revocations are critical security features, they can become a hindrance in legitimate use cases if not properly planned by industry players.
In Apple’s case, the revocation of HP certificates without warning has left scores of users without the means to print and facing confusing “malware” alerts.