Print Server - # print requests

[alx...@gmail.com]

Hello,

We currently use QZ tray with tablet and networked printers.

We are thinking of moving to android tablet so understand we need to use the print server. There is not information about what its supports https://qz.io/wiki/print-server

Will the print server be fine with 8 simultaneous print requests to 8 different printers, this is extreme use situation its most likely a label being printed every 5 seconds

Alex

[Tres Finocchiaro]

Will the print server be fine with 8 simultaneous print requests to 8 different printers

Yes.

If using HTTPS, you'll need to shim a trusted SSL certificate per https://qz.io/wiki/print-server#remove-localhost-bindings (quoted below as a courtesy).

Remove Localhost Bindings
HTTPS: The steps provided in this section illustrate how to create a certificate for a secure (HTTPS) connection. These steps are not needed for connections made via HTTP.
For secure websockets support (HTTPS), QZ Tray generates a certificate for localhost traffic at install time called root-ca.crt. In order for QZ Tray to run on a separate machine, the hostname (usually "localhost") must exist in the certificate. This is an override which is done by running a custom script.
Optional: Organizations wishing to use a Trusted CA SSL certificate can do so by manually shimming it into the software.

 

- Tres.Fin...@gmail.com

--
You received this message because you are subscribed to the Google Groups "qz-print" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qz-print+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[alx...@gmail.com]

Great Tres thanks for the info :)

[Alex]

Hi Tres,

Im not totally sure i can follow the guide, sorry !

What i am not clear about is copying to the client. We are trying to print from Android tablets and here it not mention of this in there. 

Cheers Alex

[Tres Finocchiaro]

The print-server deployment for Android requires a CA-Trusted SSL certificate to be installed for the Java websocket.

For PEM formatted key and cert, the instructions for this are here: https://github.com/qzind/tray/pull/89

Android CANNOT use a self-signed cert.  It's that simple.  Any attempts to do so will not work.  This is a decision of Google, not us.

- Tres.Fin...@gmail.com

[Alex]

Hello Tres,

Thanks as always for the speedy reply.

So i have checked the guide below and im sorry but it raised more questions than it answers.

(1) From the information below i understand that i will need to load a certificate and private key into the install of QZ tray that is going to act as the server. I will do so using open SSL for windows. Does this then mean nothing needs to be done on the android devices that will be connecting to the QZ Tray server installation ?

(2) Im not sure how to get certificates (fullchain.pem & privkey.pem) in the correct format letsencrypt does seem to be something i cant simply get the keys out of ( especially on a windows machine ).

For normal SSL for a server i would generate CSR on the server and then purchase from ssls.com. However in this kind of situation there is no where to generate the CSR, were do i get this ? I checked and if i can get the SSL from ssls.com it looks like it would be in the correct format, but not totally sure.

https://helpdesk.ssls.com/hc/en-us/articles/204093372-What-are-certificate-formats-and-what-is-the-difference-between-them-

Thanks and sorry 

Alex

[Tres Finocchiaro]

Alex,

If you're a premium customer, please reach out to sup...@qz.io.

Obtaining CA-Trusted SSL certs are something that should be escalated through their own channels, not through the QZ community support.

There are many tutorials online describing how to convert from one format (e.g. PFX/P12) to another (e.g. PEM).  Java is very specific about its own private key format, so we simply expect PEM formatted CERT and KEY (which is what LetsEncrypt defaults to) so that the QZ Tray's websocket (8181) can use this for trusted communication.

You are correct, the Android device does not need to be visited for any of these steps.

Note, if you have an MDM solution in-house that manages the Android devices, the Trusted SSL steps may be avoidable but we do not have any further information on MDM.

- Tres.Fin...@gmail.com