Configuring Ricoh SOP - Terminal Server CA installation

Note that this prompt will appear only if a certificate has not been installed before and SSL communication is enabled.

If Terminal Server communicates with the SOP application over SSL/TLS, then CA certificate of Terminal Server must be installed into SOP application.

In case you have problems with SSL/TLS communication, it can be switched off entirely. This is, however, not recommended in a production environment.

To switch off the SSL/TLS, change the Dispatcher Paragon configuration property dsSslEnabled to 'false'. This option is enabled by default.

During terminal installation Terminal Server pushes its root certificate into the SOP application. However, it is not installed automatically. Administrator needs to confirm installation manually on MFD. SOP will display the following prompt:

images/download/attachments/284929191/ca-installation-I-version-1-modificationdate-1599041419790-api-v2.png

images/download/attachments/284929191/ca-installation-version-1-modificationdate-1599041419830-api-v2.png

Administrator needs to confirm certificate installation. The certificate name is set by default as a Common Name (CN) of the CA certificate, but it can be changed arbitrarily. If Administrator does not confirm certificate installation then the SOP application will display warning to users about invalid certificate (unless the certificate is signed with publicly trusted CA).

You can repeatedly launch this prompt by reinstalling terminal in the management interface (eg. if CA used for signing Terminal Server certificate is changed).

Installing custom CA from SD card

The automatic procedure mentioned above installs CA certificate which is used to sign Terminal Server certificate.

However, there are use cases where you need to install a CA certificate manually:

  1. Terminal Server uses a self-signed certificate or CA that MFD doesn't trust

  2. When installing a G3 device

  3. When the automatic installation fails

To install the CA on the MFD, you will need to have the CA in .CRT format. This can be obtained e.g. using a web browser.

How to obtain the CA using Chromium web browser

1. Go to https://<domain_name>:5022/ts/v1/hello
Replace <domain_name> with Terminal Server IP address/domain

2. Click on View site information (left of the URL bar) / Connection is secure / Certificate is valid

images/download/attachments/284929191/image-2023-11-22_11-9-56-version-1-modificationdate-1700647797063-api-v2.png

images/download/attachments/284929191/image-2023-11-22_11-10-25-version-1-modificationdate-1700647825220-api-v2.png

3. Open Details tab / Select the topmost certificate in the Certificate Hierarchy (e.g. "Generated CA") / Click Export...

images/download/thumbnails/284929191/certificate_export-version-1-modificationdate-1702284579073-api-v2.png

4. Save the .CRT file on a SD card.

How to install the CA from SD card on the device

The trust store can be viewed when you login as an administrator on the device - User Tools / Screen Features / Security / Trusted credentials. The trusted certificates that are not shipped with the MFDs are on the User tab.

  1. Login as device administrator

  2. Go to User Tools / Screen Features / Security / Install from SD card

    images/jira.app.ysoft.com/secure/attachment/89755/89755_image-2023-10-16-14-25-03-561.png


    images/jira.app.ysoft.com/secure/attachment/89751/89751_image-2023-10-16-14-27-29-561.png


    images/jira.app.ysoft.com/secure/attachment/89753/89753_image-2023-10-16-14-27-13-485.png


    images/jira.app.ysoft.com/secure/attachment/89750/89750_image-2023-10-16-14-27-44-359.png



  3. You can verify that the CA is installed under Trusted credentials

    images/download/attachments/284929191/TS_CA_cert-version-1-modificationdate-1702314424193-api-v2.png

Disable checking SSL Error (no prompt for certificate installation)

images/download/attachments/284929191/image-2023-12-12_9-20-21-version-1-modificationdate-1702369221480-api-v2.png

  1. Open Web Browser NX.

    images/download/attachments/284929191/dashboard-version-1-modificationdate-1702286991323-api-v2.png
  2. Open Settings by clicking on the Cogwheel button next to the Home button.

  3. Open Security Settings.

    images/download/attachments/284929191/BrowserNX_settings-version-1-modificationdate-1702287048517-api-v2.png
  4. On Check SSL Error select Do not Check.

    images/download/attachments/284929191/do_not_check_ssl_error-version-1-modificationdate-1702287152127-api-v2.png