Use an existing trusted SSL certificate for Mobility Print

KB Home   |   Use an existing trusted SSL certificate for Mobility Print

Help! We get a certificate error when browsing to the web interface of our Mobility Print server! What should we do?”

About Mobility Print and Certificates

By default, the Mobility Print server will use a self-signed certificate. This can be used for secure communication, but does mean that if users browse to the Mobility Print Help Center on your server using HTTPS then they will see an error because the certificate is untrusted.

(It’s important to point out that generally this isn’t a problem. Users aren’t exchanging their credentials with the Mobility Print server through the web interface, and admins can simply click through the certificate error to get to the login page of the server and the traffic will still be encrypted.)

If this worries you however, there are two different solutions.

  • Consider sharing this link with your users instead to our Mobility Print Help Center which shows users how they can use Mobility Print on their devices. This page does use a trusted certificate, and can be browsed to securely over port 443.
  • It is also possible to install a custom certificate on your Mobility Print server, which allows admins and users to access the web interface of the server with HTTPS without facing a certificate error. See the steps below for details.

How to install an SSL Certificate on your Mobility Print Server

The certificate and private key used by the Mobility Print server for HTTPS connection are in PEM-encoded format. To use an existing trusted SSL key:

1. Export the existing certificate and key to PEM-encoded format.
2. Configure the Mobility Print server certificate.

Step 1: Export the existing certificate and key to PEM-encoded format. The process depends on the type of certificate you have:

  • Windows certificate store:
    1. Export the certificate and key to a .pfx file by following Step 1: Export the existing certificate with key. Skip this step if you already have a .pfx file.
    2. Convert your .pfx file to PEM-encoded format as described for the following option.
  • A PKCS#12 file (*.p12/*.pfx):
    1. Run the following command to export the private key: openssl pkcs12 -in certname.pfx -nocerts -out tls.pem
    2. Run the following command to export the certificate: openssl pkcs12 -in certname.pfx -nokeys -out tls.cer
  • Separate ‘PEM encoded’ key and certificate files.
    • You are good to go!

Step 2: Configure the Mobility Print server certificate

1. On the Mobility Print server, stop the PaperCut Mobility Print service.
2. Navigate to: C:\<Mobility Print install path>\data\. You’ll see the following:
  • tls.cer (certificate file)
  • tls.pem (private key file)
3. Make a backup of the current tls.cer and tls.pem by renaming them both to .old so you have a copy of the original files
4. Copy your extracted certificate and private key files to this folder.
5. Rename your certificate file to tls.cer and the private key file to tls.pem.
6. Start the PaperCut Mobility Print service .
7. Access the Mobility Print Admin interface using the Common Name (or Host Name) that you’ve specified in the certificate.

Still have questions?

Let us know! We’re definitely happy to chat about how Mobility Print works. Feel free to leave a comment below or visit our Support Portal for assistance. Also, check out the Mobility Print Help Center.

Categories: Mobility Print

[-Keywords: Mobility Print, SSL, Certificate, HTTPS]


Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on July 12, 2018, at 05:30 AM
Printable View   |   Article History   |   Edit Article