Installing Security Certificates
For the installation of the YSoft Universal PCL driver, which is part of Dispatcher Paragon FlexiSpooler, both in server and client mode, there are two certificates needed for a smooth installation.
These certificates are:
- VeriSign Universal Root Certification Authority (vsign-universal-root.cer) and Thawte Primary Root CA (thawte-root.cer) for Troubleshooting trust errors
- Thawte SHA256 Code Signing CA (thawte-codesigningCA.cer)
- Konica Minolta, Inc. codesigning CA (ysoft-codesigning.cer) for Automated (silent) installation
This component will be installed only on the following Windows versions: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows 8, Windows 8.1, Windows 10.
Troubleshooting Trust Errors
In order to install the Dispatcher Paragon FlexiSpooler component, the Windows environment has to have the Thawte Primary Root CA certificate installed. This may already be present on the server as Thawte is a third-party certification authority commonly trusted in most systems. However, if the certificate is missing for some reason, installation of the component will result in the following pop-up errors:
Error 0x800f0247:
Error 0x00000709:
As of now, installers do not fail the overall installation when these errors occur, but the component will NOT work properly. Therefore, consider the installation as failed.
If you happen to encounter these errors, uninstall the product, install the certificates as described further on, and install the product again.
Installing thawte-root.cer and vsign-universal-root.cer into Trusted Root Certification Authorities
- Find the Thawte Primary Root CA and VeriSign Universal Root Certification Authority certificates, located, e.g., in the Certificates folder in the Dispatcher Paragon installation package (Complete pack).
- Double-click the downloaded files thawte-root.cer and vsign-universal-root.cer on the machine where you want to install Dispatcher Paragon FlexiSpooler. The following window should appear.
- Click Install Certificate... The following window should appear.
- Select Local Machine and click Next.
- Select Place all certificates in the following store and click Browse...
- Select Trusted Root Certification Authorities.
- Click OK and Next.
- Click Finish.
- Repeat these steps for the second certificate.
Installing thawte-codesigningCA.cer into Intermediate Certification Authorities
- Find the Thawte SHA256 Code Signing CA certificate, located, e.g., in the Certificates folder in the Dispatcher Paragon installation package (Complete pack).
- Double-click the downloaded file thawte-codesigningCA.cer on the machine where you want to install Dispatcher Paragon FlexiSpooler. The following window should appear.
- Click Install Certificate... The following window should appear.
- Select Local Machine and click Next.
- Select Place all certificates in the following store and click Browse...
- Select Intermediate Certification Authorities.
- Click OK and Next.
- Click Finish.
Automated (Silent) Installation
If you plan an automated installation, it is required to have the Konica Minolta, Inc. codesigning CA certificate present in the system. Otherwise, you will be prompted to confirm trusting Konica Minolta, Inc. software. The confirmation looks like this:
In order to prevent this Windows Security popup, import the certificate into all the environments where you want to install the product.
Installing ysoft-codesigning.cer on Trusted Publishers
The process is basically the same as with the previous certificate, except the location:
- Find the Konica Minolta, Inc. codesigning CA certificate, located in the Certificates folder in the Dispatcher Paragon installation package (Complete pack).
- Double-click the downloaded file ysoft-codesigning.cer on the machine where you want to install Dispatcher Paragon FlexiSpooler.
- Click Install Certificate...
- Select Local Machine and click Next.
- Select Place all certificates in the following store and click Browse...
- Select Trusted Publishers.
- Click OK and Next.
- Click Finish.
Mass Deployment of Certificates
Since the certificates need to be installed on all environments where you want to deploy the product, you may prefer to install them automatically using PowerShell:
& certutil -addstore -enterprise -user root c:\thawte-root.cer
& certutil -addstore -enterprise -user root c:\vsign-universal-root.cer
& certutil -addstore -enterprise -user "CA" c:\thawte-codesigningCA.cer
& certutil -addstore -enterprise -user trustedpublisher c:\ysoft-codesigning.cer
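A variant of the mass deployment above that checks each file before trusting it, as an added example (not from the original page or the vendor): it compares each certificate's thumbprint with a value you obtained from a trusted source, then imports it into the Local Machine store used in the manual steps. The folder C:\Certificates and the thumbprint placeholders are assumptions; replace them before use.

```powershell
#Requires -RunAsAdministrator
# Added example: verify, import, and confirm the four certificates from this page.
$CertDir = 'C:\Certificates'   # assumption: folder copied from the installation package

# File-to-store mapping follows the manual steps on this page.
# Thumbprints are placeholders; fill in values obtained from a trusted source.
$Plan = @(
    @{ File = 'thawte-root.cer';          Store = 'Root';             Thumbprint = '<EXPECTED-THUMBPRINT>' }
    @{ File = 'vsign-universal-root.cer'; Store = 'Root';             Thumbprint = '<EXPECTED-THUMBPRINT>' }
    @{ File = 'thawte-codesigningCA.cer'; Store = 'CA';               Thumbprint = '<EXPECTED-THUMBPRINT>' }
    @{ File = 'ysoft-codesigning.cer';    Store = 'TrustedPublisher'; Thumbprint = '<EXPECTED-THUMBPRINT>' }
)

foreach ($item in $Plan) {
    $path = Join-Path $CertDir $item.File
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$($item.File): file not found in $CertDir"
        continue
    }

    # Load the file for inspection only; nothing is added to a store yet.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
    $expected = ($item.Thumbprint -replace '\s', '').ToUpperInvariant()

    # Refuse to trust a file whose thumbprint differs from the expected value.
    if ($cert.Thumbprint -ne $expected) {
        Write-Warning "$($item.File): thumbprint $($cert.Thumbprint) does not match, skipped"
        continue
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "$($item.File): certificate expired on $($cert.NotAfter)"
    }

    $storePath = "Cert:\LocalMachine\$($item.Store)"
    $entry     = "$storePath\$($cert.Thumbprint)"
    if (Test-Path -LiteralPath $entry) {
        Write-Output "$($item.File): already present in $storePath"
        continue
    }

    Import-Certificate -FilePath $path -CertStoreLocation $storePath | Out-Null

    # Confirm the import so a silent failure is visible in deployment logs.
    if (Test-Path -LiteralPath $entry) {
        Write-Output "$($item.File): imported into $storePath ($($cert.Subject))"
    } else {
        Write-Error "$($item.File): import into $storePath could not be confirmed"
    }
}
```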
For installation of certificates through GPO, read more here.
For other options, read more here.