I have an Epson TM-T88V-i receipt printer which I print to using Epson's E-pos Javascript library. I have been using the following URL to print to the printer which is connected to my local network

http://192.168.1.105/cgi-bin/epos/service.cgi?devid=local_printer&timeout=60000

This has run fine while my application has been unsecured but I have now installed a certificate on my main domain to secure it from a trusted CA and have been facing the issue that when I print to the secure URL for the printer https://192.168.1.105/cgi-bin/epos/service.cgi?devid=local_printer&timeout=60000 it breaks the security of my main domain - flagging the site is not secure and crossing the HTTPS in red because it is loading content with certificate errors .

When I inspect the self-signed certificate generated by the printer it has the following issues:

Certificate - Subject Alternative Name missing The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.

Certificate - missing This site is missing a valid, trusted certificate (net::ERR_CERT_AUTHORITY_INVALID).

I have tried to add the certificate to my trusted certificate Authorities but this hasn't worked.

I have followed Epson's own guide to create a certificate using OpenSSL but I get the same error in my browser.

I have googled the above errors but just can't find a solution that works. Ignoring all Certificate errors is not an option as this is for a live production environment. I have enabled Allow invalid certificates for resources loaded from localhost and this too has not worked.

If I need to purchase certificate I will but don't know if A CA can issue one without a signing request

Any help will be greatly appreciated

Managed to sort the issue. Followed your tutorial but then make sure that when you come to the config of the actual certificate add IP.0 to the actual ip of the printer. Now my issue is that it does not connect to the printer using HTTPS through Javascript but a hack in the actual javascript should do it.

This was the config that I got to work eventually from following this guide. Thanks to Mark Farrugia for pointing out to change the altNames from DNS.0 to IP.0 - This was what seemed to be the major sticking point for us

https://gist.github.com/jchandra74/36d5f8d0e11960dd8f80260801109ab0

#
# epson.cnf
#

[ req ]
prompt = no
distinguished_name = server_distinguished_name
req_extensions = v3_req

[ server_distinguished_name ]
commonName = 192.168.1.105
stateOrProvinceName = mystate
countryName = mycountry
emailAddress = myemail.email.com
organizationName = epson
organizationalUnitName = presales

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
IP.0 = 192.168.1.105 -- this is the IP of the printer

It must be noted. I had to download the certificate and add it to Chrome's own trusted CA store on my other PC's. Once added It works as expected