Cloud printer security

Cloud printer security certificates help you secure your printing system in regulated environments.

Securing your Zebra cloud printers prevents your users from printing on uncertified printers and prevents hackers from spoofing your printer identities to access your print streams. To secure your cloud printers, you create Certificate Authority (CA) files in OpenSSL or other certificate generation tools, certify your individual cloud printers with your CAs, upload your CA certificate files to Control Center, and enable self-signed printer certificates. If your uploaded CAs signed your printer certificates, you can connect and print on your secured cloud printers.

[Important] Important

Printer certificates work with Zebra Link-OS printers (5.2 and newer). For complete instructions for securing your printers, consult Zebra's PrintSecure Administration Files page, which includes applicable printer models, and downloadable administration files. Follow the PrintSecure Printer Administration Guide instructions on how to create and use CAs and printer client certificates. Cloud printer security options for other printer manufacturers will be available in future releases.

24_cloud_printers1.png

Enable self-signed printer certificates in Control Center > Administration > Cloud Printers Security.

Secure your cloud printers with self-signed certificates
  1. Create your Certificate Authority (CA) to create and validate multiple individual printer certificates. You create your CA only once in open SSL or other tools.

    CAs you create include a CA certificate file with your CA information and a corresponding private signing key.

    [Note] Note

    You can choose how long your certificates are valid.

  2. Use your CA to create printer certificates for printers you want to use. All your printers need unique printer certificates and their own corresponding private keys to prove their certification is valid. Use your CA to create the individual printer certificates you upload on your printers.

    [Note] Note

    Each certificate you create includes 3 types of files:

    • .csr - certificate request you use to create your certificates.

    • .crt or .cer - your certificate file with a public key.

    • .key - certificate private key.

  3. Upload your certificates to your printers. Upload the certificates and corresponding private keys to your printers and restart your printers.

    See more information about Zebra certificates on the Zebra PrintSecure page.

  4. Upload your CA certificate file to your list of trusted certificate authorities in Control Center. Use the certificate file from your CA that signed your printer client certificates for all your printers, not certificate files from individual printers. Your uploaded trusted CA file verifies the certificates you upload on your individual printers and allows your printers to connect and print.

    Because you use your CA to create your printer certificates and your CA signed all your unique printer certificates, you can connect and print. If you add or update your printers with the same CA, you don’t need to make any updates in Control Center.

    add_new_CA.jpg
    1. Go to Control Center > Administration > Cloud Printers Security > Trusted Certificate Authorities and click Add. The Add New Trusted Certificate Authority window opens.

    2. Click Select file and browse to Upload your CA certificate file.

    3. Name your CA. This name appears on your list of trusted certificate authorities.

    4. Click Save. Your CA uploads and appears on your list of trusted certificate authorities in Control Center.

  5. Enable certificates in Control Center. With your CA uploaded, go to Control Center > Administration > Cloud Printers Security and toggle Enable self-signed printer certificates to restrict your system to only connect and print on certified printers.

    When you enable using self-signed printer certificates in Loftware, printers without valid certificates cannot connect and print.

    [Caution] Caution

    To avoid potential production downtime, make sure you upload your CA certificate file to Control Center and upload your certificates to printers before you toggle Enable self-signed printer certificates.

    Changes you make to this page may take up to two minutes to appear in your system.

    Once enabled, you can only print on certified printers from Loftware Cloud.

    enable_cloud_printer_security.jpg
  6. Optional: To view or update your uploaded CA information, click a CA name from your list to open your CA page:

    CA_uploaded.jpg
  7. Optional: to remove CAs from your list in Control Center > Administration > Cloud Printers Security > Trusted Certificate Authorities, select your CA and click Delete. Any connected cloud printers certified with CAs you delete can no longer be certified and can no longer connect and print when you toggle Enable self-signed printer certificates.

    delete_CA.jpg

Your certified self-signed printers are secured and ready to use.