Enforce HTTPS communication

You can connect to PaperCut NG/MF using either HTTP or HTTPS. However, you can enforce the use of HTTPS in one of the following ways:

  • Redirect to HTTPS/SSL if available: Redirect HTTP connections to HTTPS. The redirect is performed every time a user attempts to access PaperCut via HTTP, so each of those initial HTTP requests remains exposed to man-in-the-middle attacks.

  • Use HTTP Strict Transport Security (HSTS): HSTS instructs the browser to connect only via HTTPS, and not HTTP, for a configured timeout period. The redirect is performed only once in the timeout period, when the user first logs in, rather than every time the interface is accessed. This minimizes the chance of man-in-the-middle attacks.

To enforce HTTPS communication:

  1. Test the connection to PaperCut NG/MF on port 443:

    1. In a browser, connect to https://<Application Server address>.

    2. Check that the URL does not include :9192 at the end.

  2. Select Options > Advanced. The Advanced page is displayed.

  3. In the Security area:

    1. Select the Redirect to HTTPS/SSL if available check box.

    2. If you want to connect using HSTS, select the Use HTTP Strict Transport Security check box.

  4. Click Apply.

  5. Restart the Application Server. (See Stop and start the Application Server.)

  6. Perform a test print job to test all MFDs/printers to ensure they can still submit information to the Application Server.

Can’t connect to the Application Server after enabling HSTS

If you can’t connect to the Application Server after enabling HSTS, the likely cause is one of the following:

  • The SSL certificate is invalid.
  • The Application Server is running on a port other than 443.

You should roll back your changes:

  1. Log in to the server running the PaperCut NG/MF Application Server.
  2. Connect to the PaperCut NG/MF Application Server web interface using localhost, for example, http://localhost:9191. Non-secure HTTP connections are allowed when connecting from localhost.
  3. Clear the Redirect to HTTPS/SSL and Use HTTP Strict Transport Security check boxes.
  4. Restart the Application Server.
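
A check for the procedure and the two HSTS failure causes above, as an added example (not PaperCut code): it confirms that port 443 presents a certificate that validates before you enable HSTS, then inspects the redirect target and the Strict-Transport-Security header. The host name, the default HTTP port 9191 (taken from the example URL on this page) and the choice to request / are assumptions.

```python
import http.client, re, socket, ssl, sys
from urllib.parse import urlsplit

def cert_ok(host, port=443, timeout=5):
    """True if `host` answers on `port` with a certificate that validates (chain + hostname)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False

def parse_hsts(value):
    """Return max-age (seconds) from a Strict-Transport-Security value, else None."""
    for directive in (value or "").split(";"):
        m = re.fullmatch(r'\s*max-age\s*=\s*"?(\d+)"?\s*', directive, re.I)
        if m:
            return int(m.group(1))
    return None

def assess(http_status, location, hsts_value):
    """List problems given the plain-HTTP response and the HSTS header seen over HTTPS."""
    problems = []
    target = urlsplit(location or "")
    if http_status not in (301, 302, 303, 307, 308) or target.scheme != "https":
        problems.append("HTTP is not redirected to HTTPS")
    elif target.port not in (None, 443):
        problems.append(f"redirect targets port {target.port}, not 443")
    max_age = parse_hsts(hsts_value)
    if max_age is None:
        problems.append("no usable Strict-Transport-Security header")
    elif max_age == 0:
        problems.append("max-age=0 tells the browser to drop the HSTS policy")
    return problems

if __name__ == "__main__":
    # Usage (hypothetical host): python check_https.py print.example.internal [http_port]
    host = sys.argv[1]
    http_port = int(sys.argv[2]) if len(sys.argv) > 2 else 9191  # port from the page's example URL
    if not cert_ok(host):
        sys.exit("port 443 unreachable or certificate invalid: do not enable HSTS yet")
    plain = http.client.HTTPConnection(host, http_port, timeout=5)
    plain.request("GET", "/")
    r1 = plain.getresponse()
    tls = http.client.HTTPSConnection(host, 443, timeout=5)  # verifies the certificate by default
    tls.request("GET", "/")  # assumption: the header is sent on the response to GET /
    r2 = tls.getresponse()
    problems = assess(r1.status, r1.getheader("Location"), r2.getheader("Strict-Transport-Security"))
    print("\n".join(problems) or "HTTPS redirect and HSTS look correct")
    sys.exit(1 if problems else 0)
```

Run it from a client machine rather than the server itself, because connections from localhost are allowed over plain HTTP.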
