Choose your language

Choose your login

Contact us

Use an existing trusted IIS certificate

This page applies to:

If your organization’s intranet is served by Internet Information Server (Windows), Apache (Linux), or another web server, you might be able to use the trusted IIS certificate for PaperCut NG/MF.

You can use an existing trusted IIS certificate if either:

  • your intranet server and PaperCut NG/MF Application server run on the same server, that is, they have the same server name and address

  • you have a wild-card certificate that allows arbitrary subdomains under the domain name (for example, myschool.edu) for which it was issued.

To use an existing trusted IIS certificate:

  1. Export the existing trusted IIS certificate .

  2. Import the existing trusted IIS certificate into the PaperCut NG/MF keystore .

  3. Configure the PaperCut NG/MF keystore .

Step 1: Export the existing trusted IIS certificate

To export your trusted certificate:

  1. Open the Windows management console.

  2. Select your IIS server.

  3. Navigate to the Windows Start menu.

  4. Right-click the Command Prompt.

  5. Select Run as administrator.

  6. Run the following command:

    MMC

  7. Verify that the Console Root screen is displayed:

  8. On the Console Root screen, press the keyboard shortcut Ctrl+M.

  9. Verify that the Add or Remove Snap-ins screen is displayed:

  10. On the Add or Remove Snap-ins screen’s Available snap-ins list, select Certificates; then click Add:

  1. From the Certificates snap-in screen, select Computer account; then click Next >:

  1. Click Finish:

  1. Verify that on the Add or Remove Snap-ins screen’s Selected snap-ins list, Console Root > Certificates is displayed:

  1. Click OK.

  2. On the Console Root screen, navigate to: Console Root > Certificates > Personal > Certificates:

  1. Right-click the certificate and navigate to: All Tasks > Export…:

  1. Follow the Certificate Export Wizard’s prompts:

    1. Click Next:

    1. Select Yes, export the private key; then click Next:

    1. Select Personal Information Exchange, Include all certificates in the certification path if possible and Enable certificate privacy; then click Next:

    1. Select Password; then enter the export password; then click Next.

  1. Click Browse:

  1. Select the directory in which the certificate will be exported to:

  1. Enter the File name that the certificate will be exported as, in the directory you selected; then click Save:

  1. Verify that the File name displays the path of directory you selected and the file name of the certificate that you specified; then click Next:

  1. Click Finish:

  1. Click OK:

  1. Close the Find Certificates screen.

  2. Close the Console Root screen.

  3. Click No:

Step 2: Import the existing trusted IIS certificate into the PaperCut NG/MF keystore

To import your trusted certificate into the PaperCut NG/MF keystore:

  1. Navigate to the directory where your exported certificate is saved and copy the certificate.

  2. Navigate to the following path on your PaperCut NG/MF Application Server and paste the certificate in this path:

      [app-path]\server\custom\
    
  3. Right-click the Command Prompt.

  4. Select Run as administrator.

  5. Run the following command:

      [app-path]/runtime/jre/bin
    
  6. On the directory, delete any existing files with the following name:

      my-ssl-keystore
    
  7. On the Command Prompt, run the following command:

      keytool -importkeystore -srckeystore "[app-path]\server\custom\MySslExportCert.pfx" -srcstoretype pkcs12 -destkeystore "[app-path]\server\custom\my-ssl-keystore"
    
  8. Enter the following responses to the SSL key:

    Enter destination keystore password: Enter keystore password.

    Re-enter new password: Re-enter the same keystore password.

    Enter source keystore password: Enter the same password as entered while exporting the certificate on the Certificate Export Password screen.

    For example:

      keytool -importkeystore -srckeystore "c:\Program Files\PaperCut NG/MF\server\custom\MySslExportCert.pfx" -srcstoretype pkcs12 -destkeystore "c:\Program Files\PaperCut NG/MF\server\custom\my-ssl-keystore"
    

Step 3: Configure the PaperCut NG/MF keystore

To configure the PaperCut Application Server to use the new key/certificate:

  1. Copy your signed keystore onto the server running the PaperCut NG/MF Application Server. The suggested location is [app-path]/server/custom/my-ssl-keystore

  2. Open the file [app-path]/server/server.properties with a text editor (for example, Notepad).

  3. Locate the section titled SSL Key/Certificate.

  4. Remove the # (hash) comment marker from all lines starting with:

    server.ssl.keystore=

    server.ssl.keystore-password=

    server.ssl.key-password=

  5. Define the following:

    server.properties valueDescription

    server.ssl.keystore

    The location of your keystore. This must match the value specified by -k in create-ssl-keystore.

    If you did not specify this value in create-ssl-keystore, leave it as default.

    server.ssl.keystore-password

    The keystore password. This must match the value specified by -keystorepass in create-ssl-keystore.

    If you did not specify this value in create-ssl-keystore, leave it as default.

    server.ssl.key-password

    The keystore key password. This must match the value specified by -keystorekeypass in create-ssl-keystore.

    If you did not specify this value in create-ssl-keystore, leave it as default.

  6. Save the file.

  7. Restart the PaperCut NG/MF Application Server.

Comments