Setting up encryption for ThinPrint
Requirement
Certificates generated by a Windows certificate server are required.
Setting up encryption for ThinPrint
- From your Windows certificate server, export a client certificate that uses the PFX file format and has password security and copy it to the Linux machine.
- On the Linux machine, convert the PFX file to the PEM format as follows:
openssl pkcs12 -in [-passin pass:xxxxx] -out [-passout pass:yyyyy]Here, the following parameters are used:
| -in | name of the .pfx file to be converted |
| -passin | password of the .pfx file’s private key |
| -out | name of the .pem file to be created |
| -passout | new password for the private key in the .pem file |
Example 1 (with entering passwords manually):
openssl pkcs12 -in keyStore.pfx -out keyStore.pem
Example 2 (with providing passwords using parameters):
openssl pkcs12 -in keyStore.pfx -passin pass:xxxxxxxxxx -out keyStore.pem -passout pass:yyyyyyyyyy
- Set the following parameters of the ThinPrint Client (thnuclnt):
certfile = <path>/<file-name.pem>
certpw = <pem-password>
- Add these parameters to the thnuclnt.conf file (example):
# BEGIN SYSTEM CONFIG
autoupdate = 15
automap = true
autoid = 0
updatecount = 1
editcount = 1
certfile = /etc/thnuclnt/keyStore.pem
certpw = yyyyyyyyyy
connector tcpip {
protocol = listen
interface = 0.0.0.0
setdefault = true
}
# END SYSTEM CONFIG
For more on this, see the Parameters section.
- Restart the ThinPrint Client (thnuclnt) to enable encryption.
Note! On older Linux systems (e. g. SLES9 SP2), check whether the installed OpenSSL library supports SHA-2 signatures:
digicert.com/sha-2-compatibility.htm
For information about the server-side encryption settings see the section Encryption of print data.