Choose your language

Choose your login

Support

How can we help?

Lightbulb icon
Lightbulb icon

Here’s your answer

Sources:

Lightbulb icon

Oops!

We currently don’t have an answer for this and our teams are working on resolving the issue. If you still need help,
User reading a resource

Popular resources

Conversation bubbles

Contact us

SHA1 error message on Konica Minolta

THE PAGE APPLIES TO:

As of firmware G00-Q1, a default installation of PaperCut MF shows an error message on the Konica Minolta device panel states the following:

This may be seen on the Konica Minolta device when the PaperCut server uses a SHA1 certificate. By default, PaperCut ships with a SHA1 signed certificate, as several devices only support SHA1 communication, so a default PaperCut installation may produce this error. However, seeing this message on the device is undesirable, as it may confuse users. There are a few solutions to this problem that we’ll cover below:

Upgrading to a SHA256 certificate:

The easiest and recommended solution is to upgrade the PaperCut server certificate to be encrypted with SHA256. This is a more secure level of encryption and will prevent this error message from appearing on the device.

Upgrade the PaperCut Application’s default certificate:

  1. As an administrator, open a new terminal
  2. Navigate to the create-ssl-keystore tool:
    1. cd [app-path]PaperCut [MF\NG]\server\bin\win
  3. Backup the old keystore
    1. [app-data]PaperCut [MF\NG]\server\data\default-ssl-keystore
  4. For a standard PaperCut install that has not been modified, execute the command:
    1. create-ssl-keystore -f -sig sha256 -bcCA

You should expect to see the result:

create-ssl-keystore
ArgumentDescription
-bcCaAdd the X.509 Basic Constraints CA extension
-f(force) Overwrite any existing keystore file.
-kDefine a keystore file location. By default, the location is [app-data]/PaperCut [MF/NG]/server/data/default-ssl-keystore
-keystorepassSpecifies the keystore password. By default, the Keystore password is default
-keystorekeypassSpecifies the Private Key password within the keystore. By default, the Private Key password is default
-sig [ SHA256|SHA1 ]Specifies the algorithm that should be used for certificate signing. By default, SHA1 is used.
SYSTEM_NAMEThe name of the computer/server used to generate keystore. By default, the current computer name is used.
Example:
create-ssl-keystore -f -k <location> -sig sha256 -keystorepass <KEYSTOREpassword> -keystorekeypass <KEYpassword> -bcCA <SYSTEM-NAME>
  • (OPTIONAL) If you specified the -k, -keystorepass, or -keystorekeypass arguments:
    • Open the [app-path]\server\server.properties file with a text editor
    • Locate the section titled SSL Key\Certificate.
    • Remove the comment marker (#) from the line starting with server.ssl.keystore=
    • Define the following properties:
server.properties
PropertyDescription
server.ssl.keystoreThe location of your keystore. This must match the value specified by -k in create-ssl-keystore. If you did not specify this value in create-ssl-keystore, leave the default value in your server.properties file.
server.ssl.keystore-passwordThe keystore password. This must match the value specified by -keystorepass in create-ssl-keystore; if you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.
server.ssl.key-passwordThe keystore private key password. This must match the value specified by -keystorekeypass in create-ssl-keystore; if you did not specify this value in create-ssl-keystore, leave it as default in the server.properties file.

Suppressing the warning in the PaperCut Admin console

You can suppress the admin dashboard warning by performing:

  1. Go to the PaperCut Application’s Admin dashboard
    1. https://papercutserver:9192/admin
  2. Devices
    1. Device
      1. Advanced Config
        1. ext-device.konica-minolta.browser.show-sha1-message
        2. VALUE = “ ‘N’ ”.

Suppress the warning on a Konica Minolta MFD

Web Interface

  1. Access the Konica Minolta’s Web Interface
  2. Settings
  3. Security Settings
  4. SSL communication of SHA1 certificate
    1. Select Allow

Panel

  1. Tap [Menu] - [Settings]
  2. Login as Administrator
  3. Security Settings
  4. SSL communication of SHA1 certificate
  5. Select Allow

Categories: Troubleshooting Articles , Devices


Keywords: mf-only

Comments

Last updated June 13, 2024