SHA1 error message on Konica Minolta

As of firmware G00-Q1, a default installation of PaperCut MF shows an error message on the Konica Minolta device panel states the following:

This may be seen on the Konica Minolta device when the PaperCut server uses a SHA1 certificate. By default, PaperCut ships with a SHA1 signed certificate, as several devices only support SHA1 communication, so a default PaperCut installation may produce this error. However, seeing this message on the device is undesirable, as it may confuse users. There are a few solutions to this problem that we’ll cover below:

Upgrading to a SHA256 certificate:

The easiest and recommended solution is to upgrade the PaperCut server certificate to be encrypted with SHA256. This is a more secure level of encryption and will prevent this error message from appearing on the device.

Upgrade the PaperCut Application’s default certificate:

1. As an administrator, open a new terminal
2. Navigate to the create-ssl-keystore tool:
   1. cd [app-path]PaperCut [MF\NG]\server\bin\win
3. Backup the old keystore
   1. [app-data]PaperCut [MF\NG]\server\data\default-ssl-keystore
4. For a standard PaperCut install that has not been modified, execute the command:
   1. create-ssl-keystore -f -sig sha256 -bcCA

You should expect to see the result:

create-ssl-keystore
Argument	Description
-bcCa	Add the X.509 Basic Constraints CA extension
-f	(force) Overwrite any existing keystore file.
-k	Define a keystore file location. By default, the location is [app-data]/PaperCut [MF/NG]/server/data/default-ssl-keystore
-keystorepass	Specifies the keystore password. By default, the Keystore password is default
-keystorekeypass	Specifies the Private Key password within the keystore. By default, the Private Key password is default
-sig [ SHA256|SHA1 ]	Specifies the algorithm that should be used for certificate signing. By default, SHA1 is used.
SYSTEM_NAME	The name of the computer/server used to generate keystore. By default, the current computer name is used.
Example:
create-ssl-keystore -f -k <location> -sig sha256 -keystorepass <KEYSTOREpassword> -keystorekeypass <KEYpassword> -bcCA <SYSTEM-NAME>

• (OPTIONAL) If you specified the -k, -keystorepass, or -keystorekeypass arguments:
  • Open the [app-path]\server\server.properties file with a text editor
  • Locate the section titled SSL Key\Certificate.
  • Remove the comment marker (#) from the line starting with server.ssl.keystore=
  • Define the following properties:

server.properties
Property	Description
server.ssl.keystore	The location of your keystore. This must match the value specified by -k in create-ssl-keystore. If you did not specify this value in create-ssl-keystore, leave the default value in your server.properties file.
server.ssl.keystore-password	The keystore password. This must match the value specified by -keystorepass in create-ssl-keystore; if you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.
server.ssl.key-password	The keystore private key password. This must match the value specified by -keystorekeypass in create-ssl-keystore; if you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.

• Restart the PaperCut Application Server
• For more information, check out our manual!

Suppressing the warning in the PaperCut Admin console

You can suppress the admin dashboard warning by performing:

1. Go to the PaperCut Application’s Admin dashboard
   1. https://papercutserver:9192/admin
2. Devices
   1. Device
      1. Advanced Config
         1. ext-device.konica-minolta.browser.show-sha1-message
         2. VALUE = “ ‘N’ ”.

Suppress the warning on a Konica Minolta MFD

Web Interface

1. Access the Konica Minolta’s Web Interface
2. Settings
3. Security Settings
4. SSL communication of SHA1 certificate
   1. Select Allow

Panel

1. Tap [Menu] - [Settings]
2. Login as Administrator
3. Security Settings
4. SSL communication of SHA1 certificate
5. Select Allow