Skip to content
Support
Search

Use an existing trusted IIS certificate

This page applies to:

Contents

If your organizationā€™s intranet is served by Internet Information Server (Windows), Apache (Linux), or another web server, you might be able to use the trusted IIS certificate for PaperCut NG/MF.

You can use an existing trusted IIS certificate if either:

  • your intranet server and PaperCut NG/MF Application server run on the same server, that is, they have the same server name and address
  • you have a wild-card certificate that allows arbitrary subdomains under the domain name (for example, myschool.edu) for which it was issued.

To use an existing trusted IIS certificate:

  1. Export the existing trusted IIS certificate .
  2. Import the existing trusted IIS certificate into the PaperCut NG/MF keystore .
  3. Configure the PaperCut NG/MF keystore .

Step 1: Export the existing trusted IIS certificate

To export your trusted certificate:

  1. Open the Windows management console.

  2. Select your IIS server.

  3. Navigate to the Windows Start menu.

  4. Right-click the Command Prompt.

  5. Select Run as administrator.

  6. Run the following command:

    MMC

  7. Verify that the Console Root screen is displayed:

  8. On the Console Root screen, press the keyboard shortcut Ctrl+M.

  9. Verify that the Add or Remove Snap-ins screen is displayed:

  10. On the Add or Remove Snap-ins screenā€™s Available snap-ins list, select Certificates; then click Add:

  1. From the Certificates snap-in screen, select Computer account; then click Next >:

  1. Click Finish:

  1. Verify that on the Add or Remove Snap-ins screenā€™s Selected snap-ins list, Console Root > Certificates is displayed:

  1. Click OK.
  2. On the Console Root screen, navigate to: Console Root > Certificates > Personal > Certificates:

  1. Right-click the certificate and navigate to: All Tasks > Exportā€¦:

  1. Follow the Certificate Export Wizardā€™s prompts:

    1. Click Next:

    2. 2. Select Yes, export the private key; then click Next:

    3. 3. Select Personal Information Exchange, Include all certificates in the certification path if possible and Enable certificate privacy; then click Next:

    4. 4. Select Password; then enter the export password; then click Next.

  1. Click Browse:

  1. Select the directory in which the certificate will be exported to:

  1. Enter the File name that the certificate will be exported as, in the directory you selected; then click Save:

  1. Verify that the File name displays the path of directory you selected and the file name of the certificate that you specified; then click Next:

  1. Click Finish:

  1. Click OK:

  1. Close the Find Certificates screen.
  2. Close the Console Root screen.
  3. Click No:

Step 2: Import the existing trusted IIS certificate into the PaperCut NG/MF keystore

To import your trusted certificate into the PaperCut NG/MF keystore:

  1. Navigate to the directory where your exported certificate is saved and copy the certificate.

  2. Navigate to the following path on your PaperCut NG/MF Application Server and paste the certificate in this path:

    [app-path]\server\custom\

  3. From the Start menu, type Command Prompt and right-click to select Run as administrator.

  4. Navigate to the directory [app-path]/runtime/jre/bin. On a 64-bit Windows server running PaperCut MF, this command might look like CD "C:\Program Files\PaperCut MF\runtime\bin".

  5. In the directory, delete any existing files with the following name:

    my-ssl-keystore

  6. In the Command Prompt, run the following command:

    keytool -importkeystore -srckeystore "[app-path]\server\custom\MySslExportCert.pfx" -srcstoretype pkcs12 -destkeystore "[app-path]\server\custom\my-ssl-keystore"

  7. Enter the following responses to the SSL key:

    Enter destination keystore password: Enter keystore password.

    Re-enter new password: Re-enter the same keystore password.

    Enter source keystore password: Enter the same password as entered while exporting the certificate on the Certificate Export Password screen.

    For example:

    keytool -importkeystore -srckeystore "c:\Program Files\PaperCut NG/MF\server\custom\MySslExportCert.pfx" -srcstoretype pkcs12 -destkeystore "c:\Program Files\PaperCut NG/MF\server\custom\my-ssl-keystore"

Step 3: Configure the PaperCut NG/MF keystore

To configure the PaperCut Application Server to use the new key/certificate:

  1. Copy your signed keystore onto the server running the PaperCut NG/MF Application Server. The suggested location is [app-path]/server/custom/my-ssl-keystore

  2. Open the file [app-path]/server/server.properties with a text editor (for example, Notepad).

  3. Locate the section titled SSL Key/Certificate.

  4. Remove the # (hash) comment marker from all lines starting with:

    server.ssl.keystore=

    server.ssl.keystore-password=

    server.ssl.key-password=

  5. Define the following:

  6. Save the file.

  7. Restart the PaperCut NG/MF Application Server.

Comments