Forcing use of HTTPS/SSL only

By default, PaperCut offers both plain HTTP and encrypted HTTPS based browser access. HTTP is on port 9191 and HTTPS/SSL on port 9192. To make end-users to access the system via SSL only:

Students/End-User Pages:

End-users access the system via the URL: http://server:9191/user or via the Details... link on the client. If the Client Settings option Use SSL/HTTPS if available is selected, any users that hit the plain http user page will automatically be redirected to the https secure connection. End-user web login via the non-SSL connection will be denied.

Admin Pages:

The admin pages are accessed via URLs like http://server:9191/admin or https://server:9192/admin for a secure connection. This URL is not published anywhere and you should ensure that:

  • You only bookmark and use the the secure link when accessing from a remote system.
  • Only tell tell other admin/staff the 9192 https address and bookmark it for them in their browsers. A handy way to publish the URL is to put a convenient link on an intranet page available to all staff.


It is not possible to turn off the plain HTTP port entirely because:

  • It is used internally by the client for non-sensitive data such as event notification, as plain HTTP connections have less overhead than SSL, reducing load on the server.
  • In the case SSL fails (such as if the certificate becomes invalid), the plain connection will still be available for login.

Categories: User Web Tools Interface


Keywords: turn on SSL, block HTTP, deny HTTP, secure socket layer, cleartext, plaintext

Page last modified on August 19, 2008, at 10:53 PM