Choose your language

Choose your login

Support

Set up an SSL/TLS certificate for Mobility Print

This page applies to:

This topic covers:

How to install a public CA (Certificate Authority) on your Mobility Print server

The certificate and private key used by the PaperCut NG/MF Mobility Print server for HTTPS connection are in PEM-encoded format. To use an existing trusted SSL key:

  1. Export the existing certificate and key to PEM-encoded format
  2. Configure the Mobility Print server certificate

Step 1: Export the existing certificate and key to PEM-encoded format

To start with you’ll need to separate the components of the certificate key bundle using PEM encoding for the key. The process depends on the type of bundle you have. Also, you’ll need to know the bundle’s import password because you’re going to need it soon.

Windows certificate store

  1. If you already have a .pfx file, skip this step. Otherwise, export the certificate and key as a PFX bundle by following the steps in the PaperCut NG/MF help for Step 1: Export the existing certificate with key .

  2. Export the PEM-encoded key and certificate as described below.

A PKCS#12 file (*.p12/*.pfx)

  1. Run the command openssl pkcs12 -in certname.pfx -nocerts -out tlspw.pem to export the key from the certificate key bundle.

  2. Run openssl rsa -in tlspw.pem -out tls.pem to remove the PEM pass phrase from the last step.

  3. Run openssl pkcs12 -in certname.pfx -nokeys -out tls.cer to export the certificate from the certificate key bundle.

Step 2: Configure the Mobility Print server certificate

  1. On the Mobility Print server, stop the PaperCut NG/MF Mobility Print service.

  2. Navigate to C:\<Mobility Print install path>\data\. You’ll see the following:

    • tls.cer (certificate file)

    • tls.pem (private key file)

  3. Make a backup of the current tls.cer and tls.pem by renaming them both to .old so you have a copy of the original files

  4. Copy your extracted certificate and private key files and paste them into this folder.

  5. Rename your certificate file to tls.cer and the private key file to tls.pem.

  6. Start the Mobility Print service.

  7. Access the Mobility Print Admin interface using the Common Name (or Host Name) that you’ve specified in the certificate.

How to install a Private Self-Signed Certificate on your Windows client machine

At a high level, you can install the PaperCut NG/MF Mobility Print self-signed certificate to the Trusted Root Certification Authorities on a Windows Client. In a managed Windows environment you can use your own toolset to deploy the certificate according to your existing workflows.

For an individual machine, follow these steps:

  1. On the server with the PaperCut NG/MF Mobility Print server, navigate to [app-path]\data, typically C:\Program Files (x86)\PaperCut Mobility Print\data

  2. Copy the tls.cer file to your target machine.

  3. On the target machine, double-click tls.cer.

  4. Click Install Certificate.

    Screenshot showing the tls.cer file in the Mobilty-Print\data\ directory. The user has double clicked the file, so they see the additional 'Certificate' dialog with the 'Install Certificate' button highlighted.
  5. On the Welcome to the Certificate Import Wizard screen, click Next.

  6. Select the Place all certificates in the following store option; then click Browse .

  7. Select Trusted Root Certification Authorities; then click OK.

  8. Click Next.

  9. Click Finish.

  10. Click OK.

Comments