PrinterOn KB Powered By ePRINTit USA

Changes regarding self-signed certificates: PrinterOn client applications will no longer allow end users to approve - c06238659

Please note, this will only affect installations of PrinterOn Enterprise and not any PrinterOn Cloud services.

Summary of change:

PrinterOn client applications will no longer allow end users to approve the self-signed certificates when connecting to PrinterOn Enterprise services from within the PrinterOn client applications and will require approval via the operating system.

Who does this affect:

This affects PrinterOn clients connected to PrinterOn deployments that have not installed valid certificates on the PrinterOn Enterprise server. If the PrinterOn server has been properly configured to use fully qualified certificates after installation, this change will have no effect. This change does not affect the server software itself, and only affects the clients communication with the server.

Description of changes:

In September 2018 the PrinterOn client applications, including the PrinterOn mobile apps for iOS and Android, end users will no longer have the option of choosing to approve the user of self-signed certificates within the applications. The client applications will be updated to only communicate on network channels approved by the operating system and not from within the client application.

This approval process is accomplished by having the administrator share a trusted certificate keystore to the end user's device that contains the servers self-signed certificate. This sharing can occur via an enterprise mobility platform, via vendor specific tools, or simply via email.

The reason for this change is twofold, first it increases overall security of the PrinterOn solution, and secondly it allow the client applications to better leverage operating system services such as new browser technologies, single sign on services and more. These enhancements will allow the clients to prove improved overall user experiences.

Alternative method to support self-signed certificates:

First it is important to reiterate that PrinterOn strongly recommends the use of fully qualified certificates in any production environment.

PrinterOn has provided an alternative method to support the use of self-signed certificates that is more secure and follows industry best practices for security, should the use of self-signed certificates continue to be needed. Typically this will affect temporary installations used as part of proof of concepts or tests.

PrinterOn continues to strive for the most secure solutions available and this change will ensure we are able to continue to provide this best in class security.