How to configure Print Delivery Hub to utilize a signed/trusted certificate - c07732533
Print Delivery Hub (PDH) does not utilize SSL/TLS by default to receive print data. This can be updated to utilize a keystore which has had root and intermediate certificates imported into it.
- Log into the PrinterOn Configuration Manager.
- Navigate to Advanced > Components > Print Delivery Hub .
- Navigate to the PDH SSL tab.
-
Generate a
New Keystore
by completing all the fields on this page. The details used here will be part of your certificate details.
NOTE:
The Command Name (CN) value must reflect the address which you wish to secure. This should be the IP or DNS name for the server which is hosting the PDH application. Choose IP or DNS based on how your PDH is being used. If users are submitting jobs via PrintWhere, jobs will be sent directly to the PDH and therefore this address must be routable from their network. -
Use this newly created keystore to generate a CSR:
-
Run the following command:
keytool -certreq -alias chosen_alias -file printeron.crq -keypass password -storetype jks -keystore keystore_file -storepass password -
Open the newly created .crq file from the Java bin folder in Notepad and verify it looks something like this:
-----BEGIN NEW CERTIFICATE REQUEST----- MIICvzCCAacCAQAwejELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRIwEAYDVQQHEwlLaXRjaGVu ZXIxFjAUBgNVBAoTDVByaW50ZXJPbiBJbmMxFjAUBgNVBAsTDVByaW50ZXJPbiBJbmMxGjAYBgNV BAMTEXd3dy5wcmludGVyb24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXYS u794atPUocyRSnH3VMFXRI7P6W5VDZ9MyfFMF6xnJhG4MkKzmFeUkSg9H1q4D3DHf5rftO2SnJGV BFqb7TQPnfF+ohHmY5YXmy6EzUbb0+tdd608MM55UfDJjISiTkUrNaV6FJTEc2qcyuE5EFZvhiL2 YTQKlX2TQc731m+0Ogb3AAVEVG/hw5hMrL8ctMdw0LnZ6umIdgmrE6Vs6YXAhMPWllyqaTxqnTIq sW4703D2tyaAXcFrYf1ZQWjBcs2kb4A4AiVBC6joYfCK1x6iCzIXGKJlYfzJzJDhrLQQPHxM575f KQNfROX5SQ5wFVwviWZmZkGrOTrJH9TMaQIDAQABoA AwDQYJKoZIhvcNAQEFBQADggEBAGHSQLKQ 2KnveIyZ79/hYxtMrKFNn/e0alhRVMhCxXk+4y9xXnM38TCdon9F0KDcCwIUZrv5fS45woVYO413 18nlTeuOWxDNbTtLk7oCN3ZmzoAtNtzQw+4X9/0NKXnYCX44X4O7ohKuP2gi38BPJ1Vr4r9xtu4j 8NBIrLpTcO6qDgrl08x3bsUH500ZwFqPLuAqQt31DGQCrCIospYVVKK6PEtGrE7pLbwp7/ZluDUX SFm+DM+2Q7fLnldq1RJYEoxVeNX58gXjyaVlR+SgqjLFVLulJiOWZuFPj1nh6oIa41Ot8pwqVaKn B+lMuaHhFwTO8GvraIbnjsadmw+zFhU= -----END NEW CERTIFICATE REQUEST-----
-
Run the following command:
- Upload your CSR to your Certificate Authority (CA).
- Download your signed certificate in PKCS 7 format from the CA.
-
Import the signed certificate into your keystore using the following command:
keytool -import -alias printeron -file pkcs7_cert_filename -keypass changeit -storetype jks -keystore printeron.keystore -storepass changeit - Navigate to the PDH Networking tab and enable SSL next to the Default IPP Port .
- Restart your PDH service for the new certificate to take effect.
- Confirm the new certificate is being used by loading https://127.0.0.1:631 from a browser on the machine hosting Print Delivery Hub. The expected response is an XML reply which contains "This server does not support this API."
NOTE:
631 is the default port. if this has been changed, ensure your test connection reflects the correct port.