During the install process, PaperCut NG/MF generates self-signed keys/certificates with default attributes. You also have the option of changing these attributes and generating customized self-signed certificates.
To generate customized self-signed certificates:
- In a command line, navigate to the create-ssl-keystore tool:
  cd [app-path]/server/bin/win
- Run the following create-ssl-keystore command after specifying values for relevant arguments:
  create-ssl-keystore -f -k <keystore location> -keystoreentry <entry> -sig <signature> -keystorepass <keystore password> -keystorekeypass <keystore key password> -bcCA <SYSTEM-NAME>

  create-ssl-keystore command arguments: description and values

  -f
      (force) Overwrites any existing keystore file(s).
  -k <keystore location>
      Specify the location of keystore for the PaperCut NG/MF key/certificate that is being generated.
      If you don’t specify this value, the default location [app-path]/server/data/default-ssl-keystore is used.
  -keystoreentry <entry>
      (required) Specify the entry of the PaperCut NG/MF key/certificate that is being generated into the keystore.
      Valid values: [standard] (9192); [highsec] (9195)
  -sig <signature>
      Specify the certificate signing algorithm that is used by the PaperCut NG/MF key/certificate that is being generated into the keystore.
      Valid values: [sha256 | sha1].
      If you don’t specify this value, the standard algorithm sha1 is used. This ensures backwards compatibility with 3rd party systems. For more information, see Can I use other algorithms such as SHA2/SHA256?
  -keystorepass <keystore password>
      Specify the password required to access the keystore.
      If you don’t specify this value, the keystore password is default.
  -keystorekeypass <keystore key password>
      Specify the password required to access the PaperCut NG/MF key/certificate that is being generated into the keystore.
      If you don’t specify this value, the keystore key password is default.
  -rdn <RDN>
      Specify the self-signed certificate’s RDN (relative distinguished names).
      <RDN> is a string that contains attribute type/value pairs in format <attribute>=<value> separated by a comma ",". For example:
      -rdn cn=localhost,c=country
      If you don’t specify this value, the RDN value is CN=<SYSTEM_NAME>,OU=unknown,O=unknown,L=unknown,ST=unknown,C=unknown
      Valid attributes:
      c, o, t, ou, cn, l, st, sn, serialnumber, street, emailaddress, dc, e, uid, surname, givenname, initials, generation, unstructuredaddress, unstructuredname, uniqueidentifier, dn, pseudonym, postaladdress, nameatbirth, countryofcitizenship, countryofresidence, gender, placeofbirth, dateofbirth, postalcode, businesscategory, telephonenumber, name, organizationidentifier
  -bcCa
      Add the X.509 Basic Constraints CA extension.
  <SYSTEM-NAME>
      Specify the name of the computer/server that is being used to create the keystore.
      If you don’t specify this value, the current computer name is used.

- If you specified the -k, -keystorepass, or -keystorekeypass arguments:
  - Open the file [app-path]/server/server.properties with a text editor (e.g. Notepad).
  - Locate the section titled SSL Key/Certificate.
  - Remove the # (hash) comment marker from the lines starting with:
    server.ssl.keystore=
    server.ssl.keystore-password=
    server.ssl.key-password=
  - Define the following properties:

    server.properties value: description

    server.ssl.keystore=
        The location of your keystore. This must match the value specified by -k in create-ssl-keystore.
        If you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.
    server.ssl.keystore-password=
        The keystore password. This must match the value specified by -keystorepass in create-ssl-keystore.
        If you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.
    server.ssl.key-password=
        The keystore key password. This must match the value specified by -keystorekeypass in create-ssl-keystore.
        If you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.

  - Save the file.
- Restart the Application Server.
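
The requirement that each server.properties value matches the corresponding create-ssl-keystore argument can be checked before restarting. The script below is an added example, not PaperCut tooling: the function names, sample file contents and sample argument values are constructed, and it assumes property values are compared as literal strings.

```python
import re

# Property -> create-ssl-keystore option it must match (mapping taken from the steps above).
PROPS = {
    "server.ssl.keystore": "-k",
    "server.ssl.keystore-password": "-keystorepass",
    "server.ssl.key-password": "-keystorekeypass",
}

def parse_properties(text):
    """Split key=value lines into active and '#'-commented entries."""
    active, commented = {}, {}
    for raw in text.splitlines():
        m = re.match(r"^(#\s*)?([\w.\-]+)\s*=\s*(.*)$", raw.strip())
        if m:
            (commented if m.group(1) else active)[m.group(2)] = m.group(3).strip()
    return active, commented

def check(properties_text, args):
    """args maps each option actually passed to its value. Returns findings (no secrets)."""
    active, commented = parse_properties(properties_text)
    findings = []
    for prop, opt in PROPS.items():
        if opt not in args:
            continue  # option not used: the page says to leave the property as default
        if prop not in active:
            state = "still commented out" if prop in commented else "missing"
            findings.append(f"{prop} is {state}")
        elif active[prop] != args[opt]:
            findings.append(f"{prop} does not match {opt}")
    for opt in ("-keystorepass", "-keystorekeypass"):
        if args.get(opt, "default") == "default":
            findings.append(f"{opt} is the documented default password")
    if args.get("-sig", "sha1") == "sha1":
        findings.append("-sig is sha1; sha256 is the other valid value")
    return findings

# Constructed sample input (hypothetical path and passwords, not from a real install).
SAMPLE_PROPERTIES = """\
### SSL Key/Certificate ###
server.ssl.keystore=custom/my-ssl-keystore
#server.ssl.keystore-password=store-pass-1
server.ssl.key-password=key-pass-1
"""
SAMPLE_ARGS = {"-k": "custom/my-ssl-keystore", "-keystorepass": "store-pass-1",
               "-keystorekeypass": "key-pass-2", "-sig": "sha256"}

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_PROPERTIES, SAMPLE_ARGS)))
```

Findings name only the property or option involved, so the output can be pasted into a ticket without exposing the passwords.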