PrinterOn KB Powered By ePRINTit USA

Steps on how to use the existing PrinterOn's internal CA for issuing SSL certificates - c06414304

To obtain a functional SSL certificate for your PrinterOn server, the following 4 steps needs to be done.

Create a Certificate Signing Request (CSR):

  1. Log into PrinterOn CA server in LABVM using a domain administrator account
    i.e.user name: labvm\motiee, Password: Equitrac2010
  2. From the Windows Start Menu launch "Internet Information System (IIS) Manager"
  3. On the left Window, expand LABVM-CA (LABVM\motiee)
  4. On the middle Window, double click on Server Certificates
  5. On the right Window, click on "Create Certificate Request" link
  6. The next Window will ask about the certificate information that you want to request. Fill in all the information accordingly.
    1. The common name should reflect the PrinterOn's server address (DNS name or IP address) that the certificate is going to be issued to
    2. The rest of information can be anything but choose something meaningful
  7. Click Next, Set the Bit length as 2048, and click next again
  8. Specify a file name and a location for your Certificate Request, then click Finish

Submit the CSR to the Certificate Authority (CA):

  1. Open Internet Explorer on PrinterOn CA server and navigate to http://127.0.0.1/certsrv
    If prompted for login user/password, use a domain admin user/password (i.e.user name: labvm\motiee, Password: Equitrac2010)
  2. Click on Request a Certificate
  3. Click on advanced certificate request
  4. Click on Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file ...
  5. Open the CSR that was generated previously and copy/paste the content of the CSR in "Saved Request" window
  6. Choose Web server as the Certificate Template and click on Submit botton
  7. If you get a message that the Certificate Request Denied due to some active directory policy, try the followings and then try the last step again
    1. Make sure the CA server and lab AD server have their times in sync
    2. Reboot the CA server
  8. Next, you can click on Download certificate to get a copy of the newly signed SSL certificate

Obtain the signed SSL certificate from CA:

The signed SSL certificate is now downloaded from the step 8 above

Import the private key into the signed SSL certificate (Convert to PFX/PKCS12 format) ​

  1. There is already a shortcut to open Certificate Authority Snap-in on Windows task bar, click on the shortcut to open it. Alternatively, from Windows command line, type MMC to open Microsoft Management Console, then select Add/Remove Snap-in to add "Certificate Authority"
  2. Navigate to Certificates > Personal > certificates
  3. Right click and choose All Task > Import ...
  4. Click next and then browse to the signed SSL certificate that was obtained in the previous steps
  5. Click Next and Next to choose all the defaults and then select Finish
  6. Now you should see the singed SSL certificate in the MMC console
  7. Right click on the SSL certificate that you just imported and select All Tasks > Export
  8. Click Next, select "Yes, export the private key", and click next again
  9. Select PKCS #12 (PFX) with "Include all certificates in the certification if possible" and "Export all extended properties"
  10. Click Next, select a password for the pfx file, and then click next again
  11. Choose a location and a file name to save your final SSL certificate (in pfx format) that can be used on PrinterOn server
  12. Click Next and then click Finish
  13. You now have a signed SSL certificate in PKCS #12 format (pfx file) and its corresponding password to be used with PrinterOn server!

NOTE: