Steps on how to use the existing PrinterOn's internal CA for issuing SSL certificates - c06414304
To obtain a functional SSL certificate for your PrinterOn server, the following 4 steps needs to be done.
- Create a Certificate Signing Request (CSR)
- Submit the CSR to the Certificate Authority (CA)
- Obtain the signed SSL certificate from CA
- Import the private key into the signed SSL certificate (Convert to PFX/PKCS12 format)
Create a Certificate Signing Request (CSR):
Log into PrinterOn CA server in LABVM using a domain administrator account
i.e.user name: labvm\motiee, Password: Equitrac2010
- From the Windows Start Menu launch "Internet Information System (IIS) Manager"
- On the left Window, expand LABVM-CA (LABVM\motiee)
- On the middle Window, double click on Server Certificates
- On the right Window, click on "Create Certificate Request" link
The next Window will ask about the certificate information that you want to request. Fill in all the information accordingly.
- The common name should reflect the PrinterOn's server address (DNS name or IP address) that the certificate is going to be issued to
The rest of information can be anything but choose something meaningful
- Click Next, Set the Bit length as 2048, and click next again
- Specify a file name and a location for your Certificate Request, then click Finish
Submit the CSR to the Certificate Authority (CA):
Open Internet Explorer on PrinterOn CA server and navigate to http://127.0.0.1/certsrv
If prompted for login user/password, use a domain admin user/password (i.e.user name: labvm\motiee, Password: Equitrac2010)
- Click on Request a Certificate
- Click on advanced certificate request
- Click on Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file ...
- Open the CSR that was generated previously and copy/paste the content of the CSR in "Saved Request" window
- Choose Web server as the Certificate Template and click on Submit botton
If you get a message that the Certificate Request Denied due to some active directory policy, try the followings and then try the last step again
- Make sure the CA server and lab AD server have their times in sync
- Reboot the CA server
- Next, you can click on Download certificate to get a copy of the newly signed SSL certificate
Obtain the signed SSL certificate from CA:
The signed SSL certificate is now downloaded from the step 8 above
Import the private key into the signed SSL certificate (Convert to PFX/PKCS12 format)
- There is already a shortcut to open Certificate Authority Snap-in on Windows task bar, click on the shortcut to open it. Alternatively, from Windows command line, type MMC to open Microsoft Management Console, then select Add/Remove Snap-in to add "Certificate Authority"
- Navigate to Certificates > Personal > certificates
- Right click and choose All Task > Import ...
Click next and then browse to the signed SSL certificate that was obtained in the previous steps
- Click Next and Next to choose all the defaults and then select Finish
- Now you should see the singed SSL certificate in the MMC console
- Right click on the SSL certificate that you just imported and select All Tasks > Export
- Click Next, select "Yes, export the private key", and click next again
- Select PKCS #12 (PFX) with "Include all certificates in the certification if possible" and "Export all extended properties"
- Click Next, select a password for the pfx file, and then click next again
- Choose a location and a file name to save your final SSL certificate (in pfx format) that can be used on PrinterOn server
- Click Next and then click Finish
- You now have a signed SSL certificate in PKCS #12 format (pfx file) and its corresponding password to be used with PrinterOn server!
- Since the above SSL certificate is generated and signed by PrinterOn's internal Certificate Authority, you will need a copy of the root certificate of PrinterOn's Certificate Authority to be installed on every single device that is going to print to PrinterOn server. including the individual web browsers, individual android and iOS mobile devices, etc.
- A copy of the root certificate can be found here: https://na33.salesforce.com/06939000004nmrsAAA . Alternatively, the root certificate can also be downloaded from PrinterOn's internal CA
- More information on how to add/install the root certificate on different web browsers or android/iOS mobile device can be found on the internet or alternatively in "PrinterOn Local Certificate Authority Setup Guide" located here: https://www.printeron.com/support/documentation.html