This article lists the commands used to import your existing SSL certificates into PaperCut when running on Linux. This will allow the certificates to be used for accessing the web interfaces via HTTPS.
Many thanks to Matt Peacock of Belper School for contributing the steps for this Knowledge Base article!
Please note before following these instructions that all references to files with a specific version number will change with every PaperCut NG/MF update. If you specify the wrong file name you will get an error. Before starting we recommend that you navigate your lib folder by entering ls ~papercut/server/lib or use tab completion to find the version shipped with your installation.
1. If you have separate PEM encoded key and certificate files, you will first need to convert them to a PKCS12 bundle as follows:
Note that there can be a short delay between restarting the PaperCut service and HTTP/HTTPS connections becoming available.
iii) Once you have verified that HTTPS connections are working, DELETE the PKCS12 certificate file /tmp/pccert.pfx
(It is no longer necessary, and it contains your certificate’s private key, which should be kept secure.)
iv) Under Options→General→Client Software you can tell the client software to access the server via SSL/HTTPS by default, to increase security.
v) Depending on how your certificate has been issued, when you attempt to access the PaperCut web interface through the link on the user client tool, you may receive errors stating that ‘The name on the security certificate is invalid or does not match the name of the site’. To get rid of these errors you need to update the ‘server-name’ value in “~papercut/client/client.properties” to reflect the name of the server that is specified in your web server certificate. This may simply be a case of supplying the fully qualified domain name instead of the ‘simple’ server name (i.e. ‘server.domain.com’ instead of just ‘server’).
This release contains an updated Java version which no longer supports 32-bit workstations. If you have any 32-bit users launching the User Client or Release Station from a network share, see this Knowledge Base article for more information.