Choose your language

Choose your login

Support

Use the PaperCut NG/MF self-signed certificate

This page applies to:

During the install process, PaperCut NG/MF generates self-signed keys/ certificates with default attributes. You also have the option of changing these attributes and generating customized self-signed certificates.

To generate customized self-signed certificates:

  1. In a command line, navigate to the create-ssl-keystore tool:

    cd [app-path]/server/bin/win
    
  2. Run the following create-ssl-keystore command after specifying values for relevant arguments:

    create-ssl-keystore -f -k <keystore location> -keystoreentry <entry> -sig <signature> -keystorepass <keystore password> -keystorekeypass <keystore key password> -bcCA <SYSTEM-NAME>
    

    create-ssl-keystore command argumentsDescription and values

    -f

    (force) Overwrites any existing keystore file(s).

    -k <keystore location>

    Specify the location of keystore for the PaperCut NG/MF key/ certificate that is being generated.

    If you don’t specify this value, the default location [app-path]/server/data/default-ssl-keystore is used.

    -keystoreentry <entry>

    (required) Specify the entry of the PaperCut NG/MF key/ certificate that is being generated into the keystore.

    Valid values: [standard] (9192); [highsec] (9195)

    -sig <signature>

    Specify the certificate signing algorithm that is used by the PaperCut NG/MF key/ certificate that is being generated into the keystore.
    Valid values: [sha256 | sha1].
    If you don’t specify this value, the standard algorithm sha1 is used. This ensures backwards compatibility with 3rd party systems. For more information, see Can I use other algorithms such as SHA2/SHA256?

    -keystorepass <keystore password>

    Specify the password required to access the keystore.

    If you don’t specify this value, the keystore password is default.

    -keystorekeypass <keystore key password>

    Specify the password required to access the PaperCut NG/MF key/ certificate that is being generated into the keystore.

    If you don’t specify this value, the keystore key password is default.

    -rdn <RDN>

    Specify the self-signed certificate’s RDN (relative distinguished names).

    <RDN> is a string that contains attribute type/value pairs in format <attribute>=<value> separated by a comma ",". For example: -rdn cn=localhost,c=country

    If you don’t specify this value, the RDN value is CN=<SYSTEM_NAME>,OU=unknown,O=unknown,L=unknown,ST=unknown,C=unknown

    Valid attributes: c, o, t, ou, cn, l, st, sn, serialnumber, street, emailaddress, dc, e, uid, surname, givenname, initials, generation, unstructuredaddress, unstructuredname, uniqueidentifier, dn, pseudonym, postaladdress, nameatbirth, countryofcitizenship, countryofresidence, gender, placeofbirth, dateofbirth, postalcode, businesscategory, telephonenumber, name, organizationidentifier

    -bcCa

    Add the X.509 Basic Constraints CA extension.

    <SYSTEM-NAME>

    Specify the name of the computer/ server that is being used to create the keystore.

    If you don’t specify this value, the current computer name is used.

  3. If you specified the -k, -keystorepass, or -keystorekeypass arguments:

    1. Open the file [app-path]/server/server.properties with a text editor (e.g. Notepad).

    2. Locate the section titled SSL Key/Certificate.

    3. Remove the # (hash) comment marker from the lines starting with:

      server.ssl.keystore=

      server.ssl.keystore-password=

      server.ssl.key-password=

    4. Define the following properties:

      server.properties valueDescription

      server.ssl.keystore=

      The location of your keystore. This must match the value specified by -k in create-ssl-keystore.

      If you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.

      server.ssl.keystore-password=

      The keystore password. This must match the value specified by -keystorepass in create-ssl-keystore.

      If you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.

      server.ssl.key-password=

      The keystore key password. This must match the value specified by -keystorekeypass in create-ssl-keystore.

      If you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.

    5. Save the file.

  4. Restart the Application Server.

Comments