You are here: Administration > Tools - database, server-command scripting, and APIs (Advanced) > Generate SSL/HTTPS keys > Use the PaperCut NG/MF self-signed certificate

Use the PaperCut NG/MF self-signed certificate

During the install process, PaperCut NG/MF generates self-signed keys/ certificates with default attributes. You also have the option of changing these attributes and generating customized self-signed certificates.

To generate customized self-signed certificates:

  1. In a command line, navigate to the create-ssl-keystore tool:

    cd [app-path]/server/bin/win

  2. Run the following create-ssl-keystore command after specifying values for relevant arguments:

    create-ssl-keystore -f -k <keystore location> -keystoreentry <entry> -sig <signature> -keystorepass <keystore password> -keystorekeypass <keystore key password> -bcCA <SYSTEM-NAME>

    Note: While the table below outlines some arguments of the create-ssl-keystore command, the --help command line option lists all the available arguments.
    create-ssl-keystore command arguments Description and values
    -f (force) Overwrites any existing keystore file(s).
    -k <keystore location>

    Specify the location of keystore for the PaperCut NG/MF key/ certificate that is being generated.

    If you don’t specify this value, the default location [app-path]/server/data/default-ssl-keystore is used.

    -keystoreentry <entry>
    Important: This is currently supported only on some devices. For more information about devices that support this, contact your Reseller or Authorized Solution Center.

    (required) Specify the entry of the PaperCut NG/MF key/ certificate that is being generated into the keystore.

    Valid values: [standard] (9192); [highsec] (9195)

    Note:

    To change the ports, use the following properties in the server.properties file:

    • server.ssl.port - The port specified here maps to the -keystoreentry argument's [standard] value.
    • server.ssl.high-security-port - The port specified here maps to the -keystoreentry argument's [highsec] value.
    -sig <signature>

    Specify the certificate signing algorithm that is used by the PaperCut NG/MF key/ certificate that is being generated into the keystore.
    Valid values: [sha256 | sha1].
    If you don’t specify this value, the standard algorithm sha1 is used. This ensures backwards compatibility with 3rd party systems. For more information, see Can I use other algorithms such as SHA2/SHA256?

    -keystorepass <keystore password>

    Specify the password required to access the keystore.

    If you don’t specify this value, the keystore password is default.

    -keystorekeypass <keystore key password>

    Specify the password required to access the PaperCut NG/MF key/ certificate that is being generated into the keystore.

    If you don’t specify this value, the keystore key password is default.

    -bcCa Add the X.509 Basic Constraints CA extension.
    <SYSTEM-NAME>

    Specify the name of the computer/ server that is being used to create the keystore.

    If you don’t specify this value, the current computer name is used.

    Note: To eliminate the “Domain mismatch warning” that is displayed when users access HTTPS sites using a fully-qualified domain name, specify the fully-qualified domain (FQDN). For example, "myserver.fullname.com"
    Important:

    To generate more than one customized self-signed PaperCut NG/MF key/ certificate, run the customized create-ssl-keystore command individually, each time. Every time you run this command, ensure that the -keystorekeypass <keystore key password> value is always the same.

  3. If you specified the -k, -keystorepass, or -keystorekeypass arguments:

    1. Open the file [app-path]/server/server.properties with a text editor (e.g. Notepad).

    2. Locate the section titled SSL Key/Certificate.

    3. Remove the # (hash) comment marker from the lines starting with:

      server.ssl.keystore=

      server.ssl.keystore-password=

      server.ssl.key-password=

    4. Define the following properties:

      server.properties value Description
      server.ssl.keystore=

      The location of your keystore. This must match the value specified by -k in create-ssl-keystore.

      If you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.

      server.ssl.keystore-password=

      The keystore password. This must match the value specified by -keystorepass in create-ssl-keystore.

      If you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.

      server.ssl.key-password=

      The keystore key password. This must match the value specified by -keystorekeypass in create-ssl-keystore.

      If you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.

    5. Save the file.
      Note: On Mac OS, for server.ssl.keystore, specify the FULL path to your keystore. For example, /Applications/PaperCut NG/MF/server/custom/my-ssl-keystore
  4. Restart the Application ServerAn Application Server is the primary server program responsible for providing the PaperCut user interface, storing data, and providing services to users. PaperCut uses the Application Server to manage user and account information, manage printers, calculate print costs, provide a web browser interface to administrators and end users, and much more..

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.