Renew an SSL certificate

To ensure that the trust mechanisms in SSLSecure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both end of the transactions. To be able to create an SSL connection a web server requires an SSL certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key. are adhered to, SSL certificates are designed to expire so that your environment is kept up-to-date. To renew your SSL certificateSSL certificates are small data files that digitally bind a cryptographic key to an organization’s details, such as a company's domain name, your company name, your address, your city, your state and your country. When installed on a web server, it activates the padlock and the HTTPS protocol (over port 443) and allows secure connections from a web server to a browser. When a browser connects to a secure site it retrieves the site's SSL certificate and checks that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL. SSL certificates can be either self-signed or CA signed. you need to retrace your steps when originally creating a new SSL certificate. See: Creating and installing a purchased SSL Certificate. However, the exact steps depend on your Certificate Authority as some require you to submit a brand new CSR, some allow you to just request a new SSL certificate.

The easiest way to do this is to use a new keystore, e.g. you substitute my-ssl-keystore with my-ssl-keystore-20151217

The new my-ssl-keystore-20151217 is put into production only after you've modified the server.properties as per the Configuring PaperCut to use the new certificate. and have restarted the PaperCut NG Application ServerAn Application Server is the primary server program responsible for providing the PaperCut user interface, storing data, and providing services to users. PaperCut uses the Application Server to manage user and account information, manage printers, calculate print costs, provide a web browser interface to administrators and end users, and much more.. This means you have time to create the private key, complete the CSR and receive the signed certificate before using the new keystore. If there is an issue with the new certificate or setup, you can quickly revert back to the original my-ssl-keystore.

For example, the SSL keyIn typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid (i.e., contains correct information). An SSL key can be either a public key (can be disseminated publicly) or a private key (known only to the owner). generation command originally was

keytool -keystore [app-path]\server\custom\my-ssl-keystore -alias jetty -genkeypair

-keyalg RSA

and it becomes

keytool -keystore [app-path]\server\custom\my-ssl-keystore-20151217 -alias jetty -genkeypair

-keyalg RSA


Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.