[Legacy] Importing SSL Certificates in Linux
This is an old knowledge base article and the instructions may no longer be current. If you are hoping to install a certificate on your Linux PaperCut server we recommend following one of these knowledge base articles instead:
This article lists the commands used to import your existing SSL certificates into PaperCut when running on Linux. This will allow the certificates to be used for accessing the web interfaces via HTTPS.
Many thanks to Matt Peacock of Belper School for contributing the steps for this Knowledge Base article!
Please note before following these instructions that all references to files with a specific version number will change with every PaperCut NG/MF update. If you specify the wrong file name you will get an error. Before starting we recommend that you navigate your lib folder by entering
ls ~papercut/server/lib or use tab completion to find the version shipped with your installation.
1. If you have separate PEM encoded key and certificate files, you will first need to convert them to a PKCS12 bundle as follows:
openssl pkcs12 -export -inkey keyfile.key -in cert.crt -out /tmp/pccert.pfx
2. Import the PKCS12 bundle into PaperCut as follows:
~papercut/runtime/linux-x64/jre/bin/java -classpath ~papercut/server/lib/jetty-pkcs12–8.1.16.v20140903.jar org.mortbay.jetty.server.ssl.PKCS12Import /tmp/pccert.pfx ~papercut/server/custom/my-ssl-keystore
3. To set up PaperCut to use the new certificate:
server.ssl.keystore-password=<your keystore password>
server.ssl.key-password=<your keystore password again>
- Note that there can be a short delay between restarting the PaperCut service and HTTP/HTTPS connections becoming available.
- (It is no longer necessary, and it contains your certificate’s private key, which should be kept secure.)
“~papercut/client/client.properties”to reflect the name of the server that is specified in your web server certificate. This may simply be a case of supplying the fully qualified domain name instead of the ‘simple’ server name (i.e. ‘server.domain.com’ instead of just ‘server’).
Keywords: JSSE keystore, Jetty, Secure Socket Extension, certificate warning, browser security