In this guide, we'll go through the process of importing PFX SSL certificate into EveryonePrint consisting of a PKCS key pair.
I. - Create a new KeyStore
- Open Keystore Explorer and click Create a new KeyStore
/EOP%20MobilePrint%20(Legacy)/kb833231_importssl-01.png?width=500&height=387&name=kb833231_importssl-01.png)
- Select New KeyStore Type: JKS
/EOP%20MobilePrint%20(Legacy)/kb833231_importssl-02.png?width=500&height=388&name=kb833231_importssl-02.png)
- Choose to first Import Key Pair
/EOP%20MobilePrint%20(Legacy)/kb833231_importssl-03.png?width=500&height=389&name=kb833231_importssl-03.png)
- Choose the Import Key Pair Type: PKCS #12
/EOP%20MobilePrint%20(Legacy)/kb833231_importssl-04.png?width=500&height=297&name=kb833231_importssl-04.png)
- Browse and select your original .pfx Key Pair and enter the associated Decryption Password.
/EOP%20MobilePrint%20(Legacy)/kb833231_importssl-05-b.png?width=500&height=286&name=kb833231_importssl-05-b.png)
- You will be prompted to create a New Key Pair Entry Password of your choice (this is used later when adding keystore to EveryonePrint):
/EOP%20MobilePrint%20(Legacy)/kb833231_importssl-06.png?width=500&height=277&name=kb833231_importssl-06.png)
- The importation should be done:
/EOP%20MobilePrint%20(Legacy)/kb833231_importssl-07-b.png?width=500&height=256&name=kb833231_importssl-07-b.png)
- You now have to save the keystore. Click on the icon disk:
/EOP%20MobilePrint%20(Legacy)/kb833231_importssl-08-b.png?width=500&height=148&name=kb833231_importssl-08-b.png)
- You have to set a Keystore Password. In this example, the password "mysecret" was chosen for both Keypair and Keystore password.
/EOP%20MobilePrint%20(Legacy)/kb833231_importssl-09-b.png?width=500&height=264&name=kb833231_importssl-09-b.png)
- Save the keystore file to the EveryonePrint etc folder, by default in:
- <EOP install dir>\etc
/EOP%20MobilePrint%20(Legacy)/kb833231_importssl-10.png?width=500&height=111&name=kb833231_importssl-10.png)
- <EOP install dir>\etc
II. - Apply new KeyStore:
- Open <EOP install dir>\etc directory
- Make a backup copy of the files called jetty-ssl.xml and jetty-ssl-terminalapi.xml
- Open both files with a text editor like Notepad
- Change the keystore entries to use the new keystore file, and enter passwords in 3 places
- While we're here, we can also change from the default 9443 port to standard HTTPS port 443, so end users can enter a URL in their browser without specifying the port.
Warning: before doing this change, make sure that no other application (for example IIS server) is already using this port:
- Open a command window and type: netstat -ano -p tcp
- Look for:443 in the "Local Address" column
- If this port is already in use, you may keep port 9443 and provide end users with the complete URL: https://<everyoneprint-server>:9443
/EOP%20MobilePrint%20(Legacy)/kb833231_importssl-12.png?width=600&height=374&name=kb833231_importssl-12.png)
- Save the xml file and restart EveryonePrint Web Service, and now you should be able to confirm the working certificate in the browser.
/EOP%20MobilePrint%20(Legacy)/kb111222_022.png?width=500&height=207&name=kb111222_022.png)
Troubleshooting:
- If the Web interface is inaccessible, any Web server related errors are logged to the file:
- <EOP install dir>\logs\eopwebservice.log
- Check this log file for any error.
- In doubt contact our Customer Support Center and provide the whole eopwebservice.log file.