Installing Security Certificates


For the installation of the YSoft Universal PCL driver, which is part of YSoft SafeQ FlexiSpooler, both in server and client mode, there are two certificates needed for an installation and the third one for smooth installation without additional interaction.

These certificates are:

This driver will be installed only on the following Windows versions: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows 8, Windows 8.1, Windows 10.


Troubleshooting Trust Errors

In order to install the YSoft SafeQ FlexiSpooler component, the Windows environment has to have the Thawte Primary Root CA certificate installed. This may already be present on the server as Thawte is a third-party certification authority commonly trusted in most systems. However, if the certificate is missing for some reason, installation of the component will result in the following pop-up errors:

Error 0x800f0247:

images/download/attachments/160481250/driver-failure.png

Error 0x00000709:

images/download/thumbnails/160481250/driver-failure2.png

As of now, installers do not fail the overall installation when these errors occur, but the component will NOT work properly, therefore consider the installation as failed.

If you happen to encounter these errors, uninstall the product, install the certificates as described further on, and install the product again.

Installing thawte-root.cer and vsign-universal-root.cer into Trusted Root Certification Authorities

  1. Find the Thawte Primary Root CA and VeriSign Universal Root Certification Authority certificates, located, e.g., in the Certificates folder in the YSoft SafeQ installation package (Complete pack).

  2. Double-click the downloaded files thawte-root.cer and sign-universal-root.cer on the machine where you want to install YSoft SafeQ FlexiSpooler. The following window should appear.

    images/download/attachments/160481250/thawte-root-double.png and images/download/attachments/160481250/image2018-2-27_12-41-1.png

  3. Click Install Certificate... The following window should appear

    images/download/attachments/160481250/thawte-root-install.png

  4. Select Local Machine and click Next

    images/download/attachments/160481250/thawte-root-store.png

  5. Select Place all certificates in the following store and click Browse...

  6. Select Trusted Root Certification Authorities

    images/download/thumbnails/160481250/thawte-root-browse.png

  7. Click OK and Next

    images/download/attachments/160481250/thawte-root-complete.png

  8. Click Finish

    images/download/attachments/160481250/thawte-root-finished.png

  9. Repeat these steps for second certificate.

Automated (Silent) Installation

If you plan an automated installation, it is required to have the Y Soft Corporation, a.s. codesigning CA certificate present in the system. Otherwise, you will be prompted to confirm trusting Y Soft Corporation, a.s. software. The confirmation looks like this:

images/download/attachments/160481250/screenshot-1.png

In order to prevent this Windows Security popup, import the certificate into all the environments where you want to install the product.

Installing ysoft-codesigning.cer on Trusted Publishers

The process is basically the same as with the previous certificate, except the location:

  1. Find the Y Soft Corporation, a.s. codesigning CA certificate, located in the Certificates folder in the YSoft SafeQ installation package (Complete pack).

  2. Double-click the downloaded file ysoft-codesigning.cer on the machine where you want to install YSoft SafeQ FlexiSpooler

  3. Click Install Certificate...

  4. Select Local Machine and click Next

  5. Select Place all certificates in the following store and click Browse...

  6. Select Trusted Publishers

    images/download/attachments/160481250/ysoft-codesigning-browse.png

  7. Click OK and Next

  8. Click Finish

    images/download/attachments/160481250/thawte-root-finished.png

Mass Deployment of Certificates

If the certificates are needed on all environments where you want to deploy the product, you may prefer to install them automatically using PowerShell:

&certutil -addstore -enterprise -user root c:\thawte-root.cer
&certutil -addstore -enterprise -user root c:\vsign-universal-root.cer
&certutil -addstore -enterprise -user trustedpublisher c:\ysoft-codesigning.cer

For installation of certificates through GPO, read more here.

For other options, read more here.