You are here: Administration > Tools - database, server-command scripting, and APIs (Advanced) > Generate an SSL/HTTPS key > Use an existing trusted SSL certificate specifically for PaperCut NG

Use an existing trusted SSL certificate specifically for PaperCut NG

If you have an existing SSL keyIn typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid (i.e., contains correct information). An SSL key can be either a public key (can be disseminated publicly) or a private key (known only to the owner). with certificate, you can import it into the PaperCut NG keystore. The process depends on the type of certificate you have:

  • On Windows, a certificate with an attached private key stored in either:

    • the Windows certificate store
    • a PKCS#12 file (*.p12/*.pfx)

  • On Linux, separate 'PEM encoded' key and certificate files.

To use an existing trusted SSLSecure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both end of the transactions. To be able to create an SSL connection a web server requires an SSL certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key. key:

Step 1: Export the existing trusted certificate and key

Note:

If you already have a PKCS#12 file, you do not need to perform this step.

The way in which you export your existing trusted key depends on where it is stored. One common method of exporting is via the Windows Certificate Store:

  1. Open the Windows Control Panel; then select Internet Options.

  2. On the Content tab, click Certificates.

  3. On the Personal tab, select the certificate; then click Export.

  4. Click Next at the initial screen.

  5. Select Yes, export the private key; then click Next.

    If you selected the last option correctly, you can export only as a .PFX file.

  6. Select the Include all the certificates in the certification path if possible check box.

  7. Clear the Enable strong protection check box.
  8. Clear the Delete the private key if the export is successful check box.
  9. Type a password for the PFX file. This is only used temporarily.

  10. Save the PFX file with the extension .pfx. (This is just temporary, you MUST delete this file later on.)

  11. Finish the wizard to export the certificate.

Step 2: Import the certificate into the PaperCut NG keystore

The way in which you import your trusted certificate into the PaperCut NG keystore depends on the type of certificate you have:

Step 3: Configure the PaperCut NG keystore

To configure the PaperCut Application Server to use the new key/certificate:

  1. Copy your signed keystore onto the server running the PaperCut NG Application Server. The suggested location is [app-path]/server/custom/my-ssl-keystore

  2. Open the file [app-path]/server/server.properties with a text editor (e.g. Notepad).

  3. Locate the section titled SSL Key/Certificate.

  4. Remove the # (hash) comment marker from all lines starting with "server.ssl".

  5. Define the following:

    server.properties value Description
    server.ssl.keystore=custom/my-ssl-keystore The location of your keystore. This must match the value specified by -k in create-ssl-keystore. If you did not specify this value in create-ssl-keystore, leave it as default.
    server.ssl.keystore-password=default The keystore password. This must match the value specified by -keystorepass in create-ssl-keystore. If you did not specify this value in create-ssl-keystore, leave it as default.
    server.ssl.key-password=default The keystore key password. This must match the value specified by -keystorekeypass in create-ssl-keystore. If you did not specify this value in create-ssl-keystore, leave it as default.

    NOTE: On Mac OS, for server.ssl.keystore, specify the FULL path to your keystore, e.g. /Applications/PaperCut NG/server/custom/my-ssl-keystore

  6. Save the file.
  7. Restart the PaperCut NG Application Server and verify all is working. If the server fails to start, error messages are recorded in logs located in the server's logs directory.


Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.