You are here: Administration > Tools - database, server-command scripting, and APIs (Advanced) > Generate an SSL/HTTPS key > Use an existing trusted SSL certificate specifically for PaperCut NG

Use an existing trusted SSL certificate specifically for PaperCut NG

If you have an existing SSL keyIn typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid (i.e., contains correct information). An SSL key can be either a public key (can be disseminated publicly) or a private key (known only to the owner). with certificate, you can import it into the PaperCut NG keystore. The process depends on the type of certificate you have:

  • On Windows, a certificate with an attached private key stored in either:

    • the Windows certificate store
    • a PKCS#12 file (*.p12/*.pfx)

  • On Linux, separate 'PEM encoded' key and certificate files.

To use an existing trusted SSLSecure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both end of the transactions. To be able to create an SSL connection a web server requires an SSL certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key. key:

Step 1: Export the existing certificate with key

The way in which you export your existing trusted key depends on where it is stored:


If you already have a PKCS#12 file, you do not need to perform this step.

Step 2: Import the certificate into the PaperCut NG keystore

The way in which you import your trusted certificate into the PaperCut NG keystore depends on the type of certificate you have:

Step 3: Configure the PaperCut NG keystore

To configure the PaperCut Application Server to use the new key/certificate:

  1. Copy your signed keystore onto the server running the PaperCut NG Application Server. The suggested location is [app-path]/server/custom/my-ssl-keystore

  2. Open the file [app-path]/server/ with a text editor (e.g. Notepad).

  3. Locate the section titled SSL Key/Certificate.

  4. Remove the # (hash) comment marker from all lines starting with "server.ssl".

  5. Define the location of your keystore, keystore password and key password as chosen previously. The file should look something like this:




    NOTE: On Mac OS, specify the FULL path to your keystore, e.g. /Applications/PaperCut NG/server/custom/my-ssl-keystore

  6. Restart the PaperCut NG Application Server and verify all is working. If the server fails to start, error messages are recorded in logs located in the server's logs directory.


Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.