Skip to content

Configure Remote Printing Using Client Certificates


To configure a remote site for printing you have to follow these steps:

  1. Configure the main site
  2. Add the remote printer to PLOSSYS Output Engine
  3. Install the remote site client

Configure the Main Site

As an alternative to API Keys the remote sites can authenticate themselves against the main site with client certificates.

When issuing a client certificate for a remote site, the name of the remote site has to be used as the CN.

  1. Open a Command Prompt or PowerShell.

  2. Export the complete configuration of PLOSSYS Output Engine from Consul to a YAML file with the following command. So you're making sure current configuration settings are being used.

    plossys config export <filename>.yml --insecure
    
  3. Edit the exported file <filename>.yml.

  4. In the env section, specify the following mandatory keys for the mainland-checkout service:

    • AUTH_TYPE: cert, default: apiKey

    • CACERT: File name with full path of the certificate of the certification authority (CA) that issued the client certificates or the certificate content

    Hint - adding a service section

    If the section for the mainland-checkout service does not exist yet, you have to create it:

    service:
        mainland-checkout:
            tag:
                any:
                    AUTH_TYPE: cert
                    CACERT: c:\full\path\and\filename\of\the\certificate.pem
    
  5. Save the <filename>.yml file.

  6. Re-import it to Consul.

    plossys config import <filename>.yml --insecure
    
  7. Continue with Add the Remote Printer


Add the Remote Printer

Creating a remote site printer is basically the same as creating a main site printer. The only difference is an additional key remoteSite.

  1. Move the queue parameter remoteSite from the HIDDEN to the PLOSSYS tab.

    Manage Queue Parameters

    Edit the parameter remoteSite and change the Tab value to PLOSSYS

    Literature - easyPRIMA documentation

    As of version 1.10.1, easyPRIMA comes with a preconfigured remoteSite parameter for queues as described above. If you use an older version of easyPRIMA, add the parameter manually. For more information, refer to easyPRIMA, System Description, Chapter 12 Queue Data, Add Customer-Specific Parameters.

  2. Create a queue for the remote printer in easyPRIMA.

  3. In the PLOSSYS Parameters tab, set the following parameters:

    • Output Destination: IP address of the remote printer, for example 192.168.178.39
    • External location (for remote queues only): name of the remote site, for example Alabasta

    Remote site configuration

    Hint - no typos

    The name of the remote site has to be exactly the same as used to create the API keys and as specified in the mainland configuration.

  4. Confirm with Apply.

  5. Export the data to PLOSSYS Output Engine.

  6. Continue with Install the Remote Site Client.


Install the Remote Site Client

The remote site installer provides the seal-island-checkout service and writes the connection details to the registry.

  1. If authentication via client certificates is configured at the main site, the remote site needs a client certificate. When issuing a client certificate for a remote site, the name of the remote site has to be used as CN.

  2. On the remote site the client certificate and the private key have to be provided via environment variables:

    • CLIENT_CERT: File name with full path of the client certificate or the certificate content
    • CLIENT_KEY: File name with full path of the private key belonging to the client certificate or the key content
  3. Download the installation file for the seal-island-checkout from the SEAL Systems delivery platform onto the remote site client.

  4. Start the client installation.

  5. Enter the connection data:

    • API Key: leave blank
    • IV: leave blank
    • Secret: leave blank
    • Urls: URL of the Output Engine system, accessible from the outside
    • Remote Site: name of the remote site as used in the certificate as CN
  6. To test the connection, click Open Monitor after the installation is finished or call https://localhost:3002 in your browser.

    Open monitor


Modify the Remote Site Configuration

  1. Execute the installer for the seal-island-checkout again.

  2. Select Repair.

    Repair or remove installation

    Hint - Windows client

    When changing the seal-island-checkout on a Windows client using the Repair option, default values will be written into the registry instead of the changed data. To prevent that issue, uninstall the current client first, then install anew.

    Hint - no support

    SEAL Systems does not provide any support to distribute or manage these client certificates.


Delete a Remote Site

There are several ways how to delete a remote site:

  • Uninstall the seal-island-checkout at the client.

  • Delete the certificates or the environment variables CLIENT_CERT and CLIENT_KEY at the client.

  • Delete the remote printer in easyPRIMA or change its remoteSite parameter.


Back to top