Skip to main content
Kofax

How can a signed certificate be imported into SafeCom Mobile print to enable SSL communications?

3033964

Question : 

How can a signed certificate be imported into SafeCom Mobile print to enable SSL communications?

Answer : 

In this guide, we'll go through the process of importing PFX SSL certificate into Safecom Mobile Print consisting of a PKCS key pair.

Pre-requisites : Amazon Corretto and Keystore Explorer

How to:

Create a new KeyStore

1. Open Keystore Explorer and click Create a new KeyStore

kb833231_importssl-01.png 

2. Select New KeyStore Type :  JKS

kb833231_importssl-02.png

3. Choose to first Import Key Pair

kb833231_importssl-03.png

4. Choose the Import Key Pair Type : PKCS #12.

kb833231_importssl-04.png

5. Browse and select your original .pfx Key Pair and enter the associated Password.

kb833231_importssl-05-b.png

6. You will be prompted to create a New Key Pair Entry Password of your choice (this is used later when adding keystore to Safecom Mobile Print ):

kb833231_importssl-06.png

7. The importation should be done:

kb833231_importssl-07-b.png

8. You now have to save the keystore. Click on the icon disk:

kb833231_importssl-08-b.png

9. You have to set a Keystore Password. In this example, the password "mysecret" was chosen for both Keypair and Keystore password.

kb833231_importssl-09-b.png

10. Save the keystore file to the Safecom Mobile Print /etc folder, by default in:

SF mobile dir.png

  • <Safecom Mobile Print install dir>\etc

II - Apply new KeyStore:

  1. Open <Safecom Mobile Print install dir>\etc directory
  2. Make a backup copy of the files called jetty-ssl.xml and jetty-ssl-terminalapi.xml
  3. Open both files with a text editor like Notepad
  4. Change the keystore entries to use the new keystore file, and enter passwords in 3 places
  5. While we're here, we can also change from default 9443 port to standard HTTPS port 443, so end users can enter a URL in their browser without specifying the port.

    Warning: before doing this change make sure that no other application (for example IIS server) is already using this port:

    • Open a command window and type : netstat -ano -p tcp
    • Look for :443 in the "Local Address" column
    • If this port is already in use, you may keep port 9443 and provide end users with the complete URL : https://<Safecom mobile print-server>:9443

kb833231_importssl-12.png

  1. Save the xml file and restart SafeCom Mobile Print Web Service, and now you should be able to confirm the working certificate in the browser.

Troubleshooting:

  • If the Web interface is inaccessible, any Web server related errors are logged to the file: 
    • <Safecom Mobile Print install dir>\logs\eopwebservice.log
  • Check this log file for any error
  • In doubt create a support case and provide the whole eopwebservice.log file
  • Was this article helpful?