When the Print Deploy client connects to the Print Deploy server with an untrusted certificate, the default behavior is for the client to proceed with the communication.
You can change this behavior by enabling strict SSL checking. With strict SSL checking enabled, if the server has an untrusted certificate, the client stops communicating with the server.
This is particularly useful in environments where users don’t have privileges to install certificates on their own computers and require an admin to push out a trusted certificate instead.
Enabling strict SSL checking
Minimum requirements
- Print Deploy v1.2.1077 (released on Feb 27 2020)
- PaperCut NG/MF 19.1
Step 1: Set up a trusted certificate for Print Deploy.
If you haven’t done so, follow the instructions in Enhance Print Deploy security with a CA-signed certificate for setting up a proper certificate for your Print Deploy server.
Step 2: Enable the StrictSSLCheckingEnabled configuration key
To enable strict SSL checking, add or update the line StrictSSLCheckingEnabled = true in the server’s client.conf.toml file, located in: [application-server-path]\providers\print-deploy\[os]\data\config.
We recommend applying this configuration before deploying the clients. However, if you have already deployed them, you can still change the configuration on the server at any time. The clients will not check SSL certificates until they receive a configuration from the server in which StrictSSLCheckingEnabled is true.
Any changes to this configuration require a restart of the PaperCut Print Deploy service. For details, see the instructions on how to restart the Print Deploy server.
Step 3 (Optional but recommended): Deploy the clients with the installer flag STRICT_SSL set to true.
This will ensure that the first connection the client makes to the server is protected by a certificate verification check.
Windows
If deploying an MSI, run the installer as follows:
msiexec /i pc-printer-deployment-client-installer.msi server_host={insert your print deploy server host here} strict_ssl=true
macOS
If deploying the client DMG with an MDM tool, include a .plist file with the property strict_ssl set to true. Note that strict_ssl must be lowercase.
Linux
- For .rpm based distributions:
  sudo STRICT_SSL=true yum localinstall <client-installer>[<hostname>].rpm
- For .deb based distributions:
  sudo STRICT_SSL=true dpkg -i <client-installer>[<hostname>].deb
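A pre-flight check for Steps 1 and 2, as an added example that is not PaperCut's own code: it classifies the StrictSSLCheckingEnabled setting in client.conf.toml text and tests whether the server's certificate passes a verified TLS handshake from a client machine. It assumes Python's default trust store reflects the one the clients rely on; the host, port and sample configs are placeholders constructed for illustration.

```python
import re
import socket
import ssl

# Key name is from this page; a line starting with '#' is a TOML comment and is ignored.
_ASSIGN = re.compile(r"^[ \t]*StrictSSLCheckingEnabled[ \t]*=[ \t]*([^\s#]+)", re.MULTILINE)


def strict_ssl_state(conf_text):
    """Classify client.conf.toml text: 'enabled', 'disabled', 'missing' or 'ambiguous'."""
    values = _ASSIGN.findall(conf_text)
    if not values:
        return "missing"      # key absent, or present only in a comment
    if len(values) > 1:
        return "ambiguous"    # more than one assignment: review the file by hand
    # TOML booleans are lowercase; anything other than the literal true counts as off.
    return "enabled" if values[0] == "true" else "disabled"


def server_cert_trusted(host, port, timeout=5.0):
    """Verified TLS handshake against host:port; returns (trusted, reason)."""
    ctx = ssl.create_default_context()  # checks the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True, ""
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate not trusted: " + str(exc.verify_message)
    except OSError as exc:  # refused, timed out, DNS failure, other TLS errors
        return False, "connection failed: " + str(exc)


# Constructed sample configs (not real Print Deploy files).
SAMPLE_OFF = "# StrictSSLCheckingEnabled = true\nOtherKey = 1\n"
SAMPLE_ON = "OtherKey = 1\nStrictSSLCheckingEnabled = true  # enforce\n"

if __name__ == "__main__":
    print(strict_ssl_state(SAMPLE_OFF), strict_ssl_state(SAMPLE_ON))
    # Placeholder host and port: substitute your own Print Deploy server's values.
    print(server_cert_trusted("print-deploy.example.internal", 443))
```

Run the handshake check from a representative client machine before enabling the key: a False result there means clients with strict checking would stop communicating with the server.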