Installing Security Certificates
For the installation of the YSoft Universal PCL driver, which is part of YSoft SafeQ FlexiSpooler, both in server and client mode, there are two certificates needed for an installation and the third one for smooth installation without additional interaction.
These certificates are:
VeriSign Universal Root Certification Authority (vsign-universal-root.cer), seeTroubleshooting trust errors
Thawte Primary Root CA (thawte-root.cer), see Troubleshooting trust errors
Y Soft Corporation, a.s. codesigning CA (ysoft-codesigning.cer) used for smooth installation or unattended installation, see Automated (silent) installation
This driver will be installed only on the following Windows versions: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows 8, Windows 8.1, Windows 10.
Troubleshooting Trust Errors
In order to install the YSoft SafeQ FlexiSpooler component, the Windows environment has to have the Thawte Primary Root CA certificate installed. This may already be present on the server as Thawte is a third-party certification authority commonly trusted in most systems. However, if the certificate is missing for some reason, installation of the component will result in the following pop-up errors:
Error 0x800f0247:
Error 0x00000709:
As of now, installers do not fail the overall installation when these errors occur, but the component will NOT work properly, therefore consider the installation as failed.
If you happen to encounter these errors, uninstall the product, install the certificates as described further on, and install the product again.
Installing thawte-root.cer and vsign-universal-root.cer into Trusted Root Certification Authorities
Find the Thawte Primary Root CA and VeriSign Universal Root Certification Authority certificates, located, e.g., in the Certificates folder in the YSoft SafeQ installation package (Complete pack).
Double-click the downloaded files thawte-root.cer and sign-universal-root.cer on the machine where you want to install YSoft SafeQ FlexiSpooler. The following window should appear.
and
Click Install Certificate... The following window should appear
Select Local Machine and click Next
Select Place all certificates in the following store and click Browse...
Select Trusted Root Certification Authorities
Click OK and Next
Click Finish
Repeat these steps for second certificate.
Automated (Silent) Installation
If you plan an automated installation, it is required to have the Y Soft Corporation, a.s. codesigning CA certificate present in the system. Otherwise, you will be prompted to confirm trusting Y Soft Corporation, a.s. software. The confirmation looks like this:
In order to prevent this Windows Security popup, import the certificate into all the environments where you want to install the product.
Installing ysoft-codesigning.cer on Trusted Publishers
The process is basically the same as with the previous certificate, except the location:
Find the Y Soft Corporation, a.s. codesigning CA certificate, located in the Certificates folder in the YSoft SafeQ installation package (Complete pack).
Double-click the downloaded file ysoft-codesigning.cer on the machine where you want to install YSoft SafeQ FlexiSpooler
Click Install Certificate...
Select Local Machine and click Next
Select Place all certificates in the following store and click Browse...
Select Trusted Publishers
Click OK and Next
Click Finish
Mass Deployment of Certificates
If the certificates are needed on all environments where you want to deploy the product, you may prefer to install them automatically using PowerShell:
&certutil
-addstore
-enterprise
-user
root c:\thawte
-root
.cer
&certutil
-addstore
-enterprise
-user
root c:\vsign
-universal
-root
.cer
&certutil
-addstore
-enterprise
-user
trustedpublisher c:\ysoft
-codesigning
.cer
For installation of certificates through GPO, read more here.
For other options, read more here.