CUPS SSL Certificates

Table of Contents

• Generating SSL Certificate Signing Request
• Installing SSL Certificate

Generating SSL Certificate Signing Request (CSR)

1. Login into the Linux server.
2. Create a folder called certs and navigate to the new folder location.

   mkdir certs && cd certs
   

3. Display the contents of the CUPS SSL folder

   sudo ls -alt /etc/cups/ssl/
   

4. Create copies of the current CUPS SSL certificate public and private parts appending the date when they were created.

   sudo cp /etc/cups/ssl/server.key /etc/cups/ssl/server_YYYYMMDD.key && sudo cp /etc/cups/ssl/server.crt /etc/cups/ssl/server_YYYYMMDD.crt
   

5. Using OpenSSL to create a Certificate Signing Request (CSR).
   • Example

   openssl req -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key -subj "/C=US/ST=WA/L=Seattle/O=Your Company, Inc,/OU=IT/CN=www.example.com" -addext "subjectAltName=DNS:www.example.com"
   

6. Using OpenSSL to review a CSR server.csr file.

   openssl req -text -noout -in server.csr
   

7. To display the contents of the CSR server.csr file.

   cat server.csr
   

Installing SSL Certificate

1. Login into the Linux server.
2. Navigate to the folder certs.

   cd certs
   

3. Create and Open a file called server.crt

   touch server.crt && nano server.crt
   

4. Paste in the contents from a Base64 encoded X.509 digital certificate .cer file into the file server.crt.
5. Save and close the file server.crt.
6. Copy the server.key and server.crt files to the CUPS SSL certificate folder.

   sudo cp server.key /etc/cups/ssl/server.key && sudo cp server.crt /etc/cups/ssl/server.crt
   

7. Create copies of the new CUPS SSL certificate public and private parts appending the date when they were created.

   sudo cp /etc/cups/ssl/server.key /etc/cups/ssl/server_YYYYMMDD.key && sudo cp /etc/cups/ssl/server.crt /etc/cups/ssl/server_YYYYMMDD.crt
   

8. Log off Linux server.

   exit