SSL Encryption

When using web applications, data is transferred from the web browser to the server and vice versa. You can use SLL (Secure Sockets Layer) in order to encrypt this data transfer. The encryption depth includes the certificate used.

Please note that a certificate is required for the web server in order to be able to use the encrypted data transfer option. This is also required on the client computer if the print jobs are to be transmitted with encryption from a workstation computer to the server with encryption, see Encrypted Printing.

Due to the increasing need for security in data transmission, the use of certificates and the establishment of encryption methods is also becoming increasingly complex. Therefore, the setup should be done in close cooperation with your contact person for encryption.

You must have a certificate in order to use SSL encryption. You can obtain a certificate for this purpose from the certification authority (e.g. VersiSign) (available in different security levels). You will then receive

  • a .crt or .pem file (certificate) and
  • a .key file (key).

You can also create certificates yourself, which eliminates license fees. However, web browsers might categorize these certificates as non-trusted certificates, since they will not have been issued by a root certification authority. This can result in safety warnings being displayed when the IQ4docs web interface is opened.

A certificate without Perfect Forward Secrecy (PFS) must be used (the certificate must be supported by JAVA ME 1.4). Older device models might not be able to handle all encryption levels. It is best to acquire a certificate from an official certificate authority.

The encryption method (protocol, e.g. TLS) for transmission between IQ4docs components can be set in the system area, see Security.

The communication of the IQ4docs components (microservices executed by IIS and RabbitMQ) as well as the call of the web interface in the browser can be encrypted (call with https://), see SSL transmission between IQ4docs components and to the browser.

Encryption of transmission to and from e-mail servers can be encrypted. For sending e-mails, this is set at E-mail: Setting up SMTP or Exchange. For receiving, set this where the settings for querying a mailbox are made, e.g. for E-MailPrint at Print Inputs (RAW, LPR, IPP, e-mail, folder).

The protocol type is negotiated automatically. If there are problems with this, the protocol type can be fixed in the LocalService.config of the NotificationService. The entry below sets the protocol type to TLS 1.2:

<add key="TlsVersion" value="Tls12" />

Protocol type Description
SystemDefault Allows the operating system to select the most appropriate protocol and block insecure protocols. Unless there is a specific reason in your application not to do so, you should use this value. This is the default setting, just as if the <add key="TlsVersion"... entry did not exist at all.
Ssl3 Specifies the SSL (Secure Socket Layer) 3.0 security protocol. SSL 3.0 has been replaced by the Transport Layer Security (TLS) protocol and is provided for backward compatibility only.
Tls Specifies the TLS (Transport Layer Security) 1.0 security protocol. The TLS 1.0 protocol is defined in IETF RFC 2246.
Tls11 Specifies the TLS (Transport Layer Security) 1.1 security protocol. The TLS 1.1 protocol is defined in IETF RFC 4346. On Windows systems, this value is supported from Windows 7 onwards.
Tls12 Specifies the TLS (Transport Layer Security) 1.2 security protocol. The TLS 1.2 protocol is defined in IETF RFC 5246. On Windows systems, this value is supported from Windows 7 onwards.

Print jobs can be transmitted in encrypted form and can also be cached in encrypted form, see Encrypted Printing.

Setting up the fleet management requires specification of the URL to the fleet management. This must be accessed with HTTPS if the services of IQ4docs communicate with encryption, see also Fleet Management.

If IQ4docs is set up for encrypted transmission, communication with SimpleClicks must also be encrypted. Then enter the URL to the fleet management with HTTPS and store the SSL certificate in SimpleClicks, see Fleet Management.

The certificate used for IQ4docs can be exported with the IIS Manager for this purpose. For SimpleClicks the name and password of the certificate is very important.

  • In the IIS Manager, click the server name and open the Server Certificates area.

  • Select the certificate and choose Export...

  • In the dialog that opens, specify the certificate name via ... . The file name must correspond to the name of the certificate, e.g. server03.domain.en.pfx.

  • For Password, enter simpleclicks (any other password will not work) and export the certificate by clicking OK.

Import the exported certificate into SimpleClicks.

  • Log in to the web interface of SimpleClicks and open the System Settings. Select the Agent Settings tab.

  • In the Agent Certificates section, click Generate New Certificate. A new certificate will be generated - but we do not want to use this one.

  • Click Upload PKSS12 Certificate. Select the exported certificate and specify the password simpleclicks (the new certificate will be replaced).

  • Then, in the Agent Network section, select the HTTPS Enabled checkbox and save the changes with the checkmark at the top.