For security reasons encryption should be used to prevent document disclosure. In that case, we have to encrypt the traffic between the CUPS server. This post outlines the steps to do the same.
1. CUPS is a standards-based, open-source printing system. On CentOS/RHEL during the installation of the cups packages, a certificate and the corresponding key is generated and stored in the directory /etc/cups/ssl.
# ls -la /etc/cups/ssl total 12 drwx------. 2 root lp 42 Nov 26 2019 . drwxr-xr-x. 5 root lp 4096 Oct 5 07:31 .. -rw-------. 1 root lp 1257 Feb 6 2020 server.crt -rw-------. 1 root lp 1704 Feb 6 2020 server.key
This is a self-signed certificate, but a public signed certificate can be used.
2. This certificate usage should be defined on /etc/cups/cups-files.conf.
... # SSL/TLS certificate for the scheduler... #ServerCertificate ssl/server.crt # SSL/TLS private key for the scheduler... #ServerKey ssl/server.key ...
3. To enable SSL, encoment the “ServerCertificate” and “ServerKey” options and restart cups service.
... # SSL/TLS certificate for the scheduler... ServerCertificate ssl/server.crt # SSL/TLS private key for the scheduler... ServerKey ssl/server.key ...
To restart the CUPS service:
# systemctl restart cups
Printer configuration
To configure a printer to use encryption the “ipps” protocol should be used instead of “ipp”. For example, to print to remoter server [PRINT_SERVER] on printer queue [SECURE_PRINTER].
# lpadmin -p [SECURE_PRINTER] -E -v ipps://[PRINT_SERVER]:631/printers/[SECURE_PRINTER]
To use the printer:
$ lp -d [SECURE_PRINTER] [FILE]