Use an existing trusted SSL certificate for Mobility Print

KB Home   |   Use an existing trusted SSL certificate for Mobility Print

Help! We get a certificate error when browsing to the web interface of our Mobility Print server! What should we do?”

About Mobility Print and Certificates

By default, the Mobility Print server will use a self-signed certificate. While the self-signed cert secures communication, using one means that users browsing to the Mobility Print Help Center on your server using HTTPS will see an untrusted certificate error.

(It’s important to point out that, generally, this isn’t a problem. Users aren’t exchanging their credentials with the Mobility Print server through the web interface, and admins can simply click through the certificate error to get to the login page of the server and the traffic will still be encrypted.)

If this worries you, however, there are two different solutions.

  • Consider sharing the link with your users instead to our Mobility Print Help Center which shows users how they can use Mobility Print on their devices. Our public page uses a trusted certificate that’s securely reachable over port 443.
  • It is also possible to install a custom certificate on your Mobility Print server, which allows admins and users to access the web interface of the server with HTTPS without facing a certificate error. See the steps below for details.

How to install an SSL Certificate on your Mobility Print Server

The certificate and private key used by the Mobility Print server for HTTPS connection are in PEM-encoded format. To use an existing trusted SSL key:

1. Export the existing certificate and key to PEM-encoded format.
2. Configure the Mobility Print server certificate.

Step 1: Separate the components of the certificate key bundle using PEM encoding for the key. The process depends on the type of bundle you have. Also, hopefully, you documented the bundle’s import password once upon a time because you’re going to need it soon.

  • Windows certificate store:
    1. Export the certificate and key as a PFX bundle by following Step 1: Export the existing certificate with key. Skip this step if you already have a .pfx file.
    2. Export the PEM-encoded key and certificate as described below.
  • A PKCS#12 file (*.p12/*.pfx):
    1. Run the command below to export the key from the certificate key bundle:
    openssl pkcs12 -in certname.pfx -nocerts -out tlspw.pem
    2. Next, remove the PEM pass phrase from the last step:
    openssl rsa -in tlspw.pem -out tls.pem
    3. Finally, export the certificate from the certificate key bundle:
    openssl pkcs12 -in certname.pfx -nokeys -out tls.cer

Step 2: Configure the Mobility Print server certificate

1. On the Mobility Print server, stop the PaperCut Mobility Print service.
2. Navigate to: C:\<Mobility Print install path>\data\. You’ll see the following:
  • tls.cer (certificate file)
  • tls.pem (private key file)
3. Make a backup of the current tls.cer and tls.pem by renaming them both to .old so you have a copy of the original files
4. Copy your extracted certificate and private key files to this folder.
5. Rename your certificate file to tls.cer and the private key file to tls.pem.
6. Start the PaperCut Mobility Print service .
7. Access the Mobility Print Admin interface using the Common Name (or Host Name) that you’ve specified in the certificate.

Still have questions?

Let us know! We’re definitely happy to chat about how Mobility Print works. Feel free to leave a comment below or visit our Support Portal for assistance. Also, check out the Mobility Print Help Center.


Categories: Mobility Print


[-Keywords: Mobility Print, SSL, Certificate, HTTPS]

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on December 05, 2018, at 09:55 PM
Printable View   |   Article History   |   Edit Article