Skip to content

Choose your language

  • No results

Choose your login

  • No results
Support

How can we help?

PaperCut's AI-generated content is continually improving, but it may still contain errors. Please verify as needed.

Lightbulb icon
Lightbulb icon

Here’s your answer

Sources:

* PaperCut is constantly working to improve the accuracy and quality of our AI-generated content. However, there may still be errors or inaccuracies, we appreciate your understanding and encourage verification when needed.

Lightbulb icon

Oops!

We currently don’t have an answer for this and our teams are working on resolving the issue. If you still need help,
User reading a resource

Popular resources

Help center

FAQs
Conversation bubbles

Contact us

Search

Use an existing trusted IIS certificate

This page applies to:

If your organization’s intranet is served by Internet Information Server (Windows), Apache (Linux), or another web server, you might be able to use the trusted IIS certificate for PaperCut NG/MF.

You can use an existing trusted IIS certificate if either:

  • your intranet server and PaperCut NG/MF Application server run on the same server, that is, they have the same server name and address
  • you have a wild-card certificate that allows arbitrary subdomains under the domain name (for example, myschool.edu) for which it was issued.

To use an existing trusted IIS certificate:

  1. Export the existing trusted IIS certificate .
  2. Import the existing trusted IIS certificate into the PaperCut NG/MF keystore .
  3. Configure the PaperCut NG/MF keystore .

Step 1: Export the existing trusted IIS certificate

To export your trusted certificate:

  1. Open the Windows management console.

  2. Select your IIS server.

  3. Navigate to the Windows Start menu.

  4. Right-click the Command Prompt.

  5. Select Run as administrator.

  6. Run the following command:

    MMC

  7. Verify that the Console Root screen is displayed:

  8. On the Console Root screen, press the keyboard shortcut Ctrl+M.

  9. Verify that the Add or Remove Snap-ins screen is displayed:

  10. On the Add or Remove Snap-ins screen’s Available snap-ins list, select Certificates; then click Add:

  1. From the Certificates snap-in screen, select Computer account; then click Next >:

  1. Click Finish:

  1. Verify that on the Add or Remove Snap-ins screen’s Selected snap-ins list, Console Root > Certificates is displayed:

  1. Click OK.
  2. On the Console Root screen, navigate to: Console Root > Certificates > Personal > Certificates:

  1. Right-click the certificate and navigate to: All Tasks > Export…:

  1. Follow the Certificate Export Wizard’s prompts:

    1. Click Next:

    2. 2. Select Yes, export the private key; then click Next:

    3. 3. Select Personal Information Exchange, Include all certificates in the certification path if possible and Enable certificate privacy; then click Next:

    4. 4. Select Password; then enter the export password; then click Next.

  1. Click Browse:

  1. Select the directory in which the certificate will be exported to:

  1. Enter the File name that the certificate will be exported as, in the directory you selected; then click Save:

  1. Verify that the File name displays the path of directory you selected and the file name of the certificate that you specified; then click Next:

  1. Click Finish:

  1. Click OK:

  1. Close the Find Certificates screen.
  2. Close the Console Root screen.
  3. Click No:

Step 2: Import the existing trusted IIS certificate into the PaperCut NG/MF keystore

To import your trusted certificate into the PaperCut NG/MF keystore:

  1. Navigate to the directory where your exported certificate is saved and copy the certificate.

  2. Navigate to the following path on your PaperCut NG/MF Application Server and paste the certificate in this path:

    [app-path]\server\custom\

  3. From the Start menu, type Command Prompt and right-click to select Run as administrator.

  4. Navigate to the directory [app-path]/runtime/jre/bin. On a 64-bit Windows server running PaperCut MF, this command might look like CD "C:\Program Files\PaperCut MF\runtime\bin".

  5. In the directory, delete any existing files with the following name:

    my-ssl-keystore

  6. In the Command Prompt, run the following command:

    keytool -importkeystore -srckeystore "[app-path]\server\custom\MySslExportCert.pfx" -srcstoretype pkcs12 -destkeystore "[app-path]\server\custom\my-ssl-keystore"

  7. Enter the following responses to the SSL key:

    Enter destination keystore password: Enter keystore password.

    Re-enter new password: Re-enter the same keystore password.

    Enter source keystore password: Enter the same password as entered while exporting the certificate on the Certificate Export Password screen.

    For example:

    keytool -importkeystore -srckeystore "c:\Program Files\PaperCut NG/MF\server\custom\MySslExportCert.pfx" -srcstoretype pkcs12 -destkeystore "c:\Program Files\PaperCut NG/MF\server\custom\my-ssl-keystore"

Step 3: Configure the PaperCut NG/MF keystore

To configure the PaperCut Application Server to use the new key/certificate:

  1. Copy your signed keystore onto the server running the PaperCut NG/MF Application Server. The suggested location is [app-path]/server/custom/my-ssl-keystore

  2. Open the file [app-path]/server/server.properties with a text editor (for example, Notepad).

  3. Locate the section titled SSL Key/Certificate.

  4. Remove the # (hash) comment marker from all lines starting with:

    server.ssl.keystore=

    server.ssl.keystore-password=

    server.ssl.key-password=

  5. Define the following:

  6. Save the file.

  7. Restart the PaperCut NG/MF Application Server.

Comments