Adding SSL Certificate to Papercut Webprint Page
For background, we created a Forward Lookup Zone on DNS called "webprint.bristolcc.edu". This Forward Lookup Zone has a blank host record (which just uses the full Domain in the Forward lookup zone) to the papercut server. This allows users to connect to the web portal using https://webprint.bristolcc.edu while connected to our internal network and allows us to leverage our Bristol Wildcard certificate to secure the site... now to the procedure.
Local Computer
- Talk to someone who has access to the Bristol private key (.key file) and godaddy to download the bristol wildcard certificate chain and private key file
- Run open ssl and generate a pkcs12 certificate using the following commands
-
openssl.exe pkcs12 -in <name of file.pem> -inkey <name of private key.key> -export -out bristol_wildcard<date>.pfx
- The pem file is the certificate chain and the key file is our private key for manipulating the certificate. This can be found by talking with a director in the ITS organization (Paul or Ryan)
- you will be asked to enter a password for the new pfx certificate. WRITE THIS DOWN AND SAVE IT YOU WILL NEED IT
- Find a way to move this certificate to the srv-w22-papercut server (shared file, etc...)
Papercut Server
- Log into srv-w22-papercut with your SA account
- Open the KeyStore Explorer application and select "Create a new KeyStore"
- Select "JKS"
- Click the import a key pair button
- Select pkcs12
- Type in the password you created for the pfx certificate and locate the pfx certificate you created - Give the alias name whatever you would like
- Create a new password for the Key Pair - WRITE THIS DOWN
- Click the Save button on the top left
- Create a new password for the keystore - for simplicity, I used the same password for the Key Pair as both will be needed later - WRITE THIS DOWN
- Save the file. Name it papercut-keystore.ks
- If the save gives you an error, try saving the keystore to your desktop or somewhere that does not require admin credentials to save to
- Copy the file from the saved location to C:\Program Files\PaperCut MF\server\custom and replace the file in the dicrectory
- Open Notepad as administrator and open the server.config file located at C:\Program Files\PaperCut MF\server\.
- Open Notepad as administrator first because if you just open the config file, it wont allow you to save the file
- Replace the keystore and key password values with the passwords you created for each
- Save the file and restart the application server service.
- Login to the https://webprint.bristolcc.edu web page and validate that the certificate is valid.
- Create a calendar reminder to update the certificate for the next time the certificate is going to expire.