Skip to main content

How can a signed certificate be imported into SafeCom Mobile print to enable SSL communications?

Article # 3033964 - Page views: 130


Question : 

How can a signed certificate be imported into SafeCom Mobile print to enable SSL communications?

Answer : 

In this guide, we'll go through the process of importing PFX SSL certificate into Safecom Mobile Print consisting of a PKCS key pair.

Pre-requisites : Amazon Corretto and Keystore Explorer

How to:

Create a new KeyStore

1. Open Keystore Explorer and click Create a new KeyStore


2. Select New KeyStore Type :  JKS


3. Choose to first Import Key Pair


4. Choose the Import Key Pair Type : PKCS #12.


5. Browse and select your original .pfx Key Pair and enter the associated Password.


6. You will be prompted to create a New Key Pair Entry Password of your choice (this is used later when adding keystore to Safecom Mobile Print ):


7. The importation should be done:


8. You now have to save the keystore. Click on the icon disk:


9. You have to set a Keystore Password. In this example, the password "mysecret" was chosen for both Keypair and Keystore password.


10. Save the keystore file to the Safecom Mobile Print /etc folder, by default in:

SF mobile dir.png

  • <Safecom Mobile Print install dir>\etc

II - Apply new KeyStore:

  1. Open <Safecom Mobile Print install dir>\etc directory
  2. Make a backup copy of the files called jetty-ssl.xml and jetty-ssl-terminalapi.xml
  3. Open both files with a text editor like Notepad
  4. Change the keystore entries to use the new keystore file, and enter passwords in 3 places
  5. While we're here, we can also change from default 9443 port to standard HTTPS port 443, so end users can enter a URL in their browser without specifying the port.

    Warning: before doing this change make sure that no other application (for example IIS server) is already using this port:

    • Open a command window and type : netstat -ano -p tcp
    • Look for :443 in the "Local Address" column
    • If this port is already in use, you may keep port 9443 and provide end users with the complete URL : https://<Safecom mobile print-server>:9443


  1. Save the xml file and restart SafeCom Mobile Print Web Service, and now you should be able to confirm the working certificate in the browser.


  • If the Web interface is inaccessible, any Web server related errors are logged to the file: 
    • <Safecom Mobile Print install dir>\logs\eopwebservice.log
  • Check this log file for any error
  • In doubt create a support case and provide the whole eopwebservice.log file
  • Was this article helpful?