You are here: Administration > Tools - database, server-command scripting, and APIs (Advanced) > Generate SSL/HTTPS keys > Use an existing trusted PaperCut NG/MF certificate

Use an existing trusted PaperCut NG/MFcertificate

If you have an existing trusted PaperCut NG/MF certificate, then based on the type of certificate, you can import it into the PaperCut NG/MF keystore:

  • On Windows, a certificate with an attached private key stored in either:

    • the Windows certificate store
    • a PKCS#12 file (*.p12/*.pfx)

  • On Linux, separate 'PEM encoded' key and certificate files.

To use existing trusted PaperCut NG/MF certificate:

Step 1: Export the existing trusted certificate and key

Note:

If you already have a PKCS#12 file, you do not need to perform this step.

The way in which you export your existing trusted certificate and key depends on where it is stored. One common method of exporting is via the Windows Certificate Store:

  1. Open the Windows Control Panel; then select Internet Options.

  2. On the Content tab, click Certificates.

  3. On the Personal tab, select the certificate; then click Export.

  4. Click Next at the initial screen.

  5. Select Yes, export the private key; then click Next.

    If you selected the last option correctly, you can export only as a .PFX file.

  6. Select the Include all the certificates in the certification path if possible check box.

  7. Clear the Enable strong protection check box.
  8. Clear the Delete the private key if the export is successful check box.
  9. Type a password for the PFX file. This is only used temporarily.

  10. Save the PFX file with the extension .pfx. (This is just temporary, you MUST delete this file later on.)

  11. Finish the wizard to export the certificate.

Step 2: Import the existing trusted certificate into the PaperCut NG/MF keystore

The way in which you import your trusted certificate into the PaperCut NG/MF keystore depends on the type of certificate you have:

Step 3: Configure the PaperCut NG/MF keystore

To configure the PaperCut Application ServerAn Application Server is the primary server program responsible for providing the PaperCut user interface, storing data, and providing services to users. PaperCut uses the Application Server to manage user and account information, manage printers, calculate print costs, provide a web browser interface to administrators and end users, and much more. to use the new key/certificate:

  1. Copy your signed keystore onto the server running the PaperCut NG/MF Application Server. The suggested location is [app-path]/server/custom/my-ssl-keystore

  2. Open the file [app-path]/server/server.properties with a text editor (e.g. Notepad).

  3. Locate the section titled SSLSecure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both end of the transactions. To be able to create an SSL connection a web server requires an SSL certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key. Key/Certificate.

  4. Remove the # (hash) comment marker from all lines starting with:

    server.ssl.keystore=

    server.ssl.keystore-password=

    server.ssl.key-password=

  5. Define the following:

    server.properties value Description
    server.ssl.keystore

    The location of your keystore. This must match the value specified by -k in create-ssl-keystore.

    If you did not specify this value in create-ssl-keystore, leave it as default.

    server.ssl.keystore-password

    The keystore password. This must match the value specified by -keystorepass in create-ssl-keystore.

    If you did not specify this value in create-ssl-keystore, leave it as default.

    server.ssl.key-password

    The keystore key password. This must match the value specified by -keystorekeypass in create-ssl-keystore.

    If you did not specify this value in create-ssl-keystore, leave it as default.

  6. Save the file.
    Note: On Mac OS, for server.ssl.keystore, specify the FULL path to your keystore. For example, /Applications/PaperCut NG/MF/server/custom/my-ssl-keystore
  7. Restart the PaperCut NG/MF Application Server.


Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.