Skip to main content
Kofax

ShareScan: Certificate Manager Tool

Information:

Certificate Manager, an add-on tool for eCopy ShareScan, is available to aid in the backup, generation and restoring of SSL certificates used by Web Client devices. The n, which allows the management of any required security certificates. The tool is separate from the eCopy ShareScan installation, and can be launched by starting CertificateManager.exe.  This tool is included in the Tools directory for ShareScan 5.1 and newer.

How to use it:

When started, the Certificate Manager displays the following buttons in its window; depending on your configuration, the first option (Configure Tomcat server.xml may not be available):

  • Configure Tomcat server.xml: this option allows you to customize the cryptographic protocols and ciphers used by ShareScan on a port-by-port basis via editing theserver.xml file used by the Tomcat component of eCopy ShareScan. Clicking this button displays a new window, listing all ports currently used by eCopy ShareScan, and the cryptographic protocols assigned for the specific port, if that port uses SSL or TLS. You can use the server.xml dropdown item in the top-left corner to create a backup of the server.xml file you are using, or you can load a previously savedserver.xml.

To modify the protocols and ciphers assigned to a port, do the following:

  1. Click on the port whose properties you want to modify.
  2. Click the Edit button on the upper-right part of the window. A new screen is displayed, showing the currently used protocols and ciphers.
  3. Under Enabled protocols, select the cryptographic protocols you want to use (for example, TLSv1 or SSLv3).
  4. Under Enabled Ciphers, select the ciphers you want to use. For ease of use, a number of filter options are included with the tool, and can be accessed via button push (for example, Remove weak ciphers, Select Java 6 ciphers, Remove ciphers using CBC encoding, and so forth).
  5. Click OK to save the changes.
  • Re-generate certificate: this option allows you to recreate your digital certificate. To create the certificate, you have to enter either the IP address (Discover IP button) or Fully Qualified Domain Name (Discover FQDN button) to the displayed field under Certificate Common Name, then click the Generate button on the lower-right part of the window.
  • Backup certificate: click this button to create a backup of your existing certificate. A Browse window is displayed, where you can select the location and filename of the certificate to be saved. Back up your certificates if you have imported your certificates manually to your Konica Minolta devices (to prevent the warning from popping up), and do not want to repeat the process. Also, the recommended workflow when upgrading from ShareScan 5.0 SP x to ShareScan 5.1 is to back up your certificate, perform the upgrade of ShareScan, then restore the certificate.
  • Restore certificate: click this button to restore a certificate. A Browse window is displayed, where you can locate the certificate to be restored.

How to validate certificate:

  •  

When to use it:

  • New installations:

    • Use the Configure Tomcat server.xml option to configure required settings as needed for a new implementation.
    • Use the Re-generate certificate option to generate the certificate for implementation on the devices.
    • Use the Backup Certificate option to create a backup of the certificate after a successful install as a best practice.
    • Use the Configure Tomcat Server.xml option to create a backup of the Server.xml after a successful install as a best practice
  • Upgrades from ShareScan 5.0 SP4 or later:
    • Use the Backup Certificate option before the upgrade to create a backup of the certificate in use
    • Use the Restore Certificate option after the upgrade reimport the certificate files to the respective directories.
    • Use the Configure Tomcat Server.xml option to create a backup of the Server.xml after a successful install as a best practice
  • Upgrades from ShareScan 4.x
    • Follow same instructions as new installations.
  • Troubleshooting
    • Use the Re-Generate Certificate option to recreate the certificate should an issue such as an expired certificate etc occur
    • Use the Restore Certificate option to restore a known functional certificate if issues occur after a certificate or server change
    • Use the Configure Tomcat Server.xml option if additional considerations for ports or protocols are needed.