You are here: Administration > Tools - database, server-command scripting, and APIs (Advanced) > Generate an SSL/HTTPS key > Use an existing trusted SSL certificate specifically for PaperCut MF

Use an existing trusted SSL certificate specifically for PaperCut MF

If you have an existing SSL keyIn typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid (i.e., contains correct information). An SSL key can be either a public key (can be disseminated publicly) or a private key (known only to the owner). with certificate, you can import it into the PaperCut MF keystore. The process depends on the type of certificate you have:

  • On Windows, a certificate with an attached private key stored in either:

    • the Windows certificate store
    • a PKCS#12 file (*.p12/*.pfx)

  • On Linux, separate 'PEM encoded' key and certificate files.

To use an existing trusted SSLSecure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both end of the transactions. To be able to create an SSL connection a web server requires an SSL certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key. key:

Step 1: Export the existing certificate with key

The way in which you export your existing trusted key depends on where it is stored:

Note:

If you already have a PKCS#12 file, you do not need to perform this step.

Step 2: Import the certificate into the PaperCut MF keystore

The way in which you import your trusted certificate into the PaperCut MF keystore depends on the type of certificate you have:

Step 3: Configure the PaperCut MF keystore

To configure the PaperCut Application Server to use the new key/certificate:

  1. Copy your signed keystore onto the server running the PaperCut MF Application Server. The suggested location is [app-path]/server/custom/my-ssl-keystore

  2. Open the file [app-path]/server/server.properties with a text editor (e.g. Notepad).

  3. Locate the section titled SSL Key/Certificate.

  4. Remove the # (hash) comment marker from all lines starting with "server.ssl".

  5. Define the location of your keystore, keystore password and key password as chosen previously. The file should look something like this:

    server.ssl.keystore=custom/my-ssl-keystore

    server.ssl.keystore-password=default

    server.ssl.key-password=default

    NOTE: On Mac OS, specify the FULL path to your keystore, e.g. /Applications/PaperCut MF/server/custom/my-ssl-keystore

  6. Restart the PaperCut MF Application Server and verify all is working. If the server fails to start, error messages are recorded in logs located in the server's logs directory.