Skip to content

Commit 7cc2891

Browse files
committed
cert renew
1 parent 6b0838c commit 7cc2891

7 files changed

Lines changed: 330 additions & 23 deletions

File tree

QZ_TRAY_CERTIFICATE_SOLUTION.md

Lines changed: 111 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,111 @@
1+
# QZ Tray Certificate Error - Complete Solution
2+
3+
## Current Status
4+
5+
✅ Certificate files created in `C:\Users\IRWIN\.qz\`
6+
✅ QZ Tray stopped
7+
✅ Frontend code updated
8+
9+
## The Real Issue
10+
11+
QZ Tray shows "Invalid Certificate" and "Untrusted website" because it's using **certificate-based authentication**, and your self-signed certificate is not in its trust store.
12+
13+
## Solution: Two Approaches
14+
15+
### Approach 1: Click "Allow" in QZ Tray Dialog (Recommended)
16+
17+
Even with override.crt, **QZ Tray will show the warning dialog on first connection**. This is normal behavior.
18+
19+
**What to do:**
20+
21+
1. Start QZ Tray (search in Start Menu)
22+
2. Open your POS app and try to print
23+
3. **When QZ Tray shows the certificate warning:**
24+
-**Click "Allow"** or **"Advanced" → "Allow this website"**
25+
-**Check "Remember this decision"** or **"Always allow"**
26+
4. The error will not appear again
27+
28+
This is the expected workflow for self-signed certificates.
29+
30+
---
31+
32+
### Approach 2: Disable Certificate Validation (Development Only)
33+
34+
If you want to completely bypass certificate validation for development:
35+
36+
**Manual QZ Tray Configuration:**
37+
38+
1. Close QZ Tray completely
39+
2. Edit QZ Tray preferences:
40+
- Windows: `C:\Users\<Username>\.qz\qz-tray.properties`
41+
3. Add this line:
42+
```
43+
security.require.certificate=false
44+
```
45+
4. Save and restart QZ Tray
46+
47+
**WARNING:** Only use this for local development. Never in production.
48+
49+
---
50+
51+
### Approach 3: Use QZ Tray's Community Certificate (Production)
52+
53+
For production use without warnings:
54+
55+
1. Go to https://qz.io/developers/
56+
2. Sign up for free community certificate
57+
3. Download their certificate
58+
4. Replace your current keys with QZ's certificate
59+
5. Update `digital-certificate.txt`
60+
61+
**No more warnings ever!**
62+
63+
---
64+
65+
## Why override.crt Alone Isn't Enough
66+
67+
The `override.crt` file tells QZ Tray "I trust this certificate" but QZ Tray **still shows a warning dialog** for security. You must:
68+
69+
1. Have the override file (✅ done)
70+
2. **Manually click "Allow" on first connection** ← YOU NEED TO DO THIS
71+
72+
After clicking "Allow" once, QZ Tray remembers your choice and won't ask again.
73+
74+
---
75+
76+
## Summary
77+
78+
**The "Invalid Certificate" error is expected** with self-signed certificates.
79+
80+
**What you must do:**
81+
82+
1. ✅ Start QZ Tray
83+
2. ✅ Open POS app
84+
3. ✅ Try to print
85+
4.**Click "Allow" in the QZ Tray dialog**
86+
5. ✅ Check "Remember this decision"
87+
88+
**That's it!** The error won't appear again.
89+
90+
---
91+
92+
## Alternative: Check if QZ Tray is Blocking
93+
94+
Run this command to check QZ Tray status:
95+
96+
```powershell
97+
Test-NetConnection localhost -Port 8182
98+
```
99+
100+
If it fails, QZ Tray is not running or blocked by firewall.
101+
102+
---
103+
104+
## Still Having Issues?
105+
106+
Check browser console (F12) for specific errors:
107+
108+
- "Failed to sign request" → Backend issue
109+
- "Certificate not valid" → Need to click Allow
110+
- "QZ Tray not connected" → QZ Tray not running
111+
- "Signature verification failed" → Wrong certificate
Lines changed: 22 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,22 @@
1-
-----BEGIN PUBLIC KEY-----
2-
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/OpxoKbZJpOw4nE0xJE
3-
bho9KeFhFmzw2gWmx5QnFYdDzftscUKxz57UyQXsa4TNy59bwJVneJO5Q5fitXEz
4-
KChTrNNEvM46L718QKb6cebV0JpxDWJjsS3vJCJPnAXVB3tIbC6x8QisfI1LKmRH
5-
zwRg/WNPQP859QIImp7EkOB8PDYZzltzOO1IV59n2Tt2BBw5AbYjqgG3iTZMle5/
6-
Vz/zMemqBlkdPxKoeFoVCWFod7yNwl1jxnO+okz+Uy8tT8IgP08cFSysF/Xd17Uo
7-
BBiVmagM1PpJa+D+/BiAlpdJp9f0qq/d7NwzJCWG+ku4B5hc5Nvor/VraYPE2oLW
8-
HwIDAQAB
9-
-----END PUBLIC KEY-----
1+
-----BEGIN CERTIFICATE-----
2+
MIIDkzCCAnugAwIBAgIUe7vBt//6oKCvxM2f24EGp59x37IwDQYJKoZIhvcNAQEL
3+
BQAwWTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5
4+
MQ8wDQYDVQQKDAZQT1NEaWMxGjAYBgNVBAMMEVBPU0RpYyBQT1MgU3lzdGVtMB4X
5+
DTI1MTIwOTA4MTIxNloXDTM1MTIwNzA4MTIxNlowWTELMAkGA1UEBhMCVVMxDjAM
6+
BgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MQ8wDQYDVQQKDAZQT1NEaWMxGjAY
7+
BgNVBAMMEVBPU0RpYyBQT1MgU3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
8+
MIIBCgKCAQEAy/OpxoKbZJpOw4nE0xJEbho9KeFhFmzw2gWmx5QnFYdDzftscUKx
9+
z57UyQXsa4TNy59bwJVneJO5Q5fitXEzKChTrNNEvM46L718QKb6cebV0JpxDWJj
10+
sS3vJCJPnAXVB3tIbC6x8QisfI1LKmRHzwRg/WNPQP859QIImp7EkOB8PDYZzltz
11+
OO1IV59n2Tt2BBw5AbYjqgG3iTZMle5/Vz/zMemqBlkdPxKoeFoVCWFod7yNwl1j
12+
xnO+okz+Uy8tT8IgP08cFSysF/Xd17UoBBiVmagM1PpJa+D+/BiAlpdJp9f0qq/d
13+
7NwzJCWG+ku4B5hc5Nvor/VraYPE2oLWHwIDAQABo1MwUTAdBgNVHQ4EFgQUv5vo
14+
KRbWw2+X4N4a4iK6bEJgcn4wHwYDVR0jBBgwFoAUv5voKRbWw2+X4N4a4iK6bEJg
15+
cn4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAJF7zr6rWHEmh
16+
W/Pd3fJFgvmjNDTMur+NtMMonKln/cWrdllgBaYmENwySxIl9ztZJ5hMoJan2idh
17+
WNl4sfRHEPKLP0GcwwnS1s6mQOhMUSr8Wu97GH8GhDAiVU8eOyAFzXwQA0mE7/Fy
18+
1qAKiUSnV6Ll0+t9bfnff6mCZoIpCCUdvVqDlBusLaFr5mEvnsSxdl7L+5cJ1OZp
19+
y9ypXmvPdCUMBcNK3L57BCeeltaWs0+hMAlu3i3hstRoOF3Qvw+awBPn88fFYhvh
20+
aztCh1yPM87T0URoowINnq431Ibpyj2pobGyBDbQMS6LuPkcubGw8y2bjuCEBAz+
21+
HoPry0iyCg==
22+
-----END CERTIFICATE-----

server/qz-certificate.crt

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDkzCCAnugAwIBAgIUe7vBt//6oKCvxM2f24EGp59x37IwDQYJKoZIhvcNAQEL
3+
BQAwWTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5
4+
MQ8wDQYDVQQKDAZQT1NEaWMxGjAYBgNVBAMMEVBPU0RpYyBQT1MgU3lzdGVtMB4X
5+
DTI1MTIwOTA4MTIxNloXDTM1MTIwNzA4MTIxNlowWTELMAkGA1UEBhMCVVMxDjAM
6+
BgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MQ8wDQYDVQQKDAZQT1NEaWMxGjAY
7+
BgNVBAMMEVBPU0RpYyBQT1MgU3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
8+
MIIBCgKCAQEAy/OpxoKbZJpOw4nE0xJEbho9KeFhFmzw2gWmx5QnFYdDzftscUKx
9+
z57UyQXsa4TNy59bwJVneJO5Q5fitXEzKChTrNNEvM46L718QKb6cebV0JpxDWJj
10+
sS3vJCJPnAXVB3tIbC6x8QisfI1LKmRHzwRg/WNPQP859QIImp7EkOB8PDYZzltz
11+
OO1IV59n2Tt2BBw5AbYjqgG3iTZMle5/Vz/zMemqBlkdPxKoeFoVCWFod7yNwl1j
12+
xnO+okz+Uy8tT8IgP08cFSysF/Xd17UoBBiVmagM1PpJa+D+/BiAlpdJp9f0qq/d
13+
7NwzJCWG+ku4B5hc5Nvor/VraYPE2oLWHwIDAQABo1MwUTAdBgNVHQ4EFgQUv5vo
14+
KRbWw2+X4N4a4iK6bEJgcn4wHwYDVR0jBBgwFoAUv5voKRbWw2+X4N4a4iK6bEJg
15+
cn4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAJF7zr6rWHEmh
16+
W/Pd3fJFgvmjNDTMur+NtMMonKln/cWrdllgBaYmENwySxIl9ztZJ5hMoJan2idh
17+
WNl4sfRHEPKLP0GcwwnS1s6mQOhMUSr8Wu97GH8GhDAiVU8eOyAFzXwQA0mE7/Fy
18+
1qAKiUSnV6Ll0+t9bfnff6mCZoIpCCUdvVqDlBusLaFr5mEvnsSxdl7L+5cJ1OZp
19+
y9ypXmvPdCUMBcNK3L57BCeeltaWs0+hMAlu3i3hstRoOF3Qvw+awBPn88fFYhvh
20+
aztCh1yPM87T0URoowINnq431Ibpyj2pobGyBDbQMS6LuPkcubGw8y2bjuCEBAz+
21+
HoPry0iyCg==
22+
-----END CERTIFICATE-----

src/app/services/qz-tray.service.ts

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -49,15 +49,20 @@ export class QzTrayService {
4949
return;
5050
}
5151

52-
// Set certificate promise
53-
this.qz.security.setCertificatePromise((resolve: any, reject: any) => {
54-
resolve(this.certificateCache);
52+
// Set certificate promise - return as a function that returns a promise
53+
this.qz.security.setCertificatePromise(() => {
54+
return Promise.resolve(this.certificateCache || "");
5555
});
5656

57-
// Override certificate check for self-signed certificates (development/internal use)
58-
// Remove this in production if using a proper code signing certificate
57+
// Override certificate check for self-signed certificates
5958
this.qz.security.setSignatureAlgorithm("SHA512");
6059

60+
// Set trust built-in to allow localhost and local network
61+
if (this.qz.security.setTrustBuiltIn) {
62+
this.qz.security.setTrustBuiltIn(true);
63+
console.log("QZ Tray: Trust built-in enabled");
64+
}
65+
6166
// Set signing function using backend
6267
this.qz.security.setSignaturePromise((toSign: string) => {
6368
return (resolve: any, reject: any) => {

src/assets/digital-certificate.txt

Lines changed: 22 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,22 @@
1-
-----BEGIN PUBLIC KEY-----
2-
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/OpxoKbZJpOw4nE0xJE
3-
bho9KeFhFmzw2gWmx5QnFYdDzftscUKxz57UyQXsa4TNy59bwJVneJO5Q5fitXEz
4-
KChTrNNEvM46L718QKb6cebV0JpxDWJjsS3vJCJPnAXVB3tIbC6x8QisfI1LKmRH
5-
zwRg/WNPQP859QIImp7EkOB8PDYZzltzOO1IV59n2Tt2BBw5AbYjqgG3iTZMle5/
6-
Vz/zMemqBlkdPxKoeFoVCWFod7yNwl1jxnO+okz+Uy8tT8IgP08cFSysF/Xd17Uo
7-
BBiVmagM1PpJa+D+/BiAlpdJp9f0qq/d7NwzJCWG+ku4B5hc5Nvor/VraYPE2oLW
8-
HwIDAQAB
9-
-----END PUBLIC KEY-----
1+
-----BEGIN CERTIFICATE-----
2+
MIIDkzCCAnugAwIBAgIUe7vBt//6oKCvxM2f24EGp59x37IwDQYJKoZIhvcNAQEL
3+
BQAwWTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5
4+
MQ8wDQYDVQQKDAZQT1NEaWMxGjAYBgNVBAMMEVBPU0RpYyBQT1MgU3lzdGVtMB4X
5+
DTI1MTIwOTA4MTIxNloXDTM1MTIwNzA4MTIxNlowWTELMAkGA1UEBhMCVVMxDjAM
6+
BgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MQ8wDQYDVQQKDAZQT1NEaWMxGjAY
7+
BgNVBAMMEVBPU0RpYyBQT1MgU3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
8+
MIIBCgKCAQEAy/OpxoKbZJpOw4nE0xJEbho9KeFhFmzw2gWmx5QnFYdDzftscUKx
9+
z57UyQXsa4TNy59bwJVneJO5Q5fitXEzKChTrNNEvM46L718QKb6cebV0JpxDWJj
10+
sS3vJCJPnAXVB3tIbC6x8QisfI1LKmRHzwRg/WNPQP859QIImp7EkOB8PDYZzltz
11+
OO1IV59n2Tt2BBw5AbYjqgG3iTZMle5/Vz/zMemqBlkdPxKoeFoVCWFod7yNwl1j
12+
xnO+okz+Uy8tT8IgP08cFSysF/Xd17UoBBiVmagM1PpJa+D+/BiAlpdJp9f0qq/d
13+
7NwzJCWG+ku4B5hc5Nvor/VraYPE2oLWHwIDAQABo1MwUTAdBgNVHQ4EFgQUv5vo
14+
KRbWw2+X4N4a4iK6bEJgcn4wHwYDVR0jBBgwFoAUv5voKRbWw2+X4N4a4iK6bEJg
15+
cn4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAJF7zr6rWHEmh
16+
W/Pd3fJFgvmjNDTMur+NtMMonKln/cWrdllgBaYmENwySxIl9ztZJ5hMoJan2idh
17+
WNl4sfRHEPKLP0GcwwnS1s6mQOhMUSr8Wu97GH8GhDAiVU8eOyAFzXwQA0mE7/Fy
18+
1qAKiUSnV6Ll0+t9bfnff6mCZoIpCCUdvVqDlBusLaFr5mEvnsSxdl7L+5cJ1OZp
19+
y9ypXmvPdCUMBcNK3L57BCeeltaWs0+hMAlu3i3hstRoOF3Qvw+awBPn88fFYhvh
20+
aztCh1yPM87T0URoowINnq431Ibpyj2pobGyBDbQMS6LuPkcubGw8y2bjuCEBAz+
21+
HoPry0iyCg==
22+
-----END CERTIFICATE-----

trust-qz-certificate.ps1

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
# Quick QZ Tray Certificate Trust - Run this NOW
2+
# This will permanently trust your certificate in QZ Tray
3+
4+
$ErrorActionPreference = "Stop"
5+
6+
Write-Host ""
7+
Write-Host "========================================" -ForegroundColor Cyan
8+
Write-Host "QZ Tray Certificate Trust Setup" -ForegroundColor Cyan
9+
Write-Host "========================================" -ForegroundColor Cyan
10+
Write-Host ""
11+
12+
# Create .qz directory
13+
$qzDir = Join-Path $env:USERPROFILE ".qz"
14+
if (-not (Test-Path $qzDir)) {
15+
New-Item -ItemType Directory -Path $qzDir -Force | Out-Null
16+
Write-Host "✓ Created .qz directory" -ForegroundColor Green
17+
}
18+
19+
# Copy certificate
20+
$source = Join-Path $PSScriptRoot "server\public-key.pem"
21+
$dest = Join-Path $qzDir "override.crt"
22+
23+
if (Test-Path $source) {
24+
Copy-Item $source $dest -Force
25+
Write-Host "✓ Certificate copied to: $dest" -ForegroundColor Green
26+
Write-Host ""
27+
Write-Host "Certificate content:" -ForegroundColor Yellow
28+
Get-Content $dest
29+
Write-Host ""
30+
Write-Host "Override certificate created!" -ForegroundColor Green
31+
} else {
32+
Write-Host "ERROR: Cannot find $source" -ForegroundColor Red
33+
Write-Host "Current directory: $PSScriptRoot" -ForegroundColor Yellow
34+
Write-Host "Looking for: $source" -ForegroundColor Yellow
35+
exit 1
36+
}
37+
38+
Write-Host ""
39+
Write-Host "========================================" -ForegroundColor Cyan
40+
Write-Host "IMPORTANT - RESTART QZ TRAY NOW!" -ForegroundColor Yellow
41+
Write-Host "========================================" -ForegroundColor Cyan
42+
Write-Host ""
43+
Write-Host "1. Right-click QZ Tray icon in system tray" -ForegroundColor White
44+
Write-Host "2. Click Exit" -ForegroundColor White
45+
Write-Host "3. Start QZ Tray again from Start Menu" -ForegroundColor White
46+
Write-Host "4. Reload your browser (Ctrl+Shift+R)" -ForegroundColor White
47+
Write-Host ""
48+
Write-Host "The Untrusted website error will be gone!" -ForegroundColor Green
49+
Write-Host ""
50+
51+
Read-Host "Press Enter to exit"

verify-qz-certificate.ps1

Lines changed: 92 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,92 @@
1+
# Verify QZ Tray Certificate Setup
2+
3+
Write-Host "`n========================================" -ForegroundColor Cyan
4+
Write-Host "QZ Tray Certificate Verification" -ForegroundColor Cyan
5+
Write-Host "========================================`n" -ForegroundColor Cyan
6+
7+
$allGood = $true
8+
9+
# Check 1: User directory
10+
$userCert = "$env:USERPROFILE\.qz\override.crt"
11+
Write-Host "[1] User Config: $userCert" -ForegroundColor White
12+
if (Test-Path $userCert) {
13+
$content = Get-Content $userCert -Raw
14+
if ($content -match "BEGIN CERTIFICATE") {
15+
Write-Host " Status: OK (X.509 Certificate)" -ForegroundColor Green
16+
} else {
17+
Write-Host " Status: WRONG FORMAT (not a certificate)" -ForegroundColor Red
18+
$allGood = $false
19+
}
20+
} else {
21+
Write-Host " Status: NOT FOUND" -ForegroundColor Red
22+
$allGood = $false
23+
}
24+
25+
# Check 2: Program Files
26+
$progCert = "C:\Program Files\QZ Tray\override.crt"
27+
Write-Host "`n[2] Program Files: $progCert" -ForegroundColor White
28+
if (Test-Path $progCert) {
29+
$content = Get-Content $progCert -Raw
30+
if ($content -match "BEGIN CERTIFICATE") {
31+
Write-Host " Status: OK (X.509 Certificate)" -ForegroundColor Green
32+
} else {
33+
Write-Host " Status: WRONG FORMAT (not a certificate)" -ForegroundColor Red
34+
$allGood = $false
35+
}
36+
} else {
37+
Write-Host " Status: NOT FOUND (run admin script to copy)" -ForegroundColor Yellow
38+
}
39+
40+
# Check 3: Frontend asset
41+
$frontendCert = "src\assets\digital-certificate.txt"
42+
Write-Host "`n[3] Frontend Asset: $frontendCert" -ForegroundColor White
43+
if (Test-Path $frontendCert) {
44+
$content = Get-Content $frontendCert -Raw
45+
if ($content -match "BEGIN CERTIFICATE") {
46+
Write-Host " Status: OK (X.509 Certificate)" -ForegroundColor Green
47+
} else {
48+
Write-Host " Status: WRONG FORMAT" -ForegroundColor Red
49+
$allGood = $false
50+
}
51+
} else {
52+
Write-Host " Status: NOT FOUND" -ForegroundColor Red
53+
$allGood = $false
54+
}
55+
56+
# Check 4: QZ Tray running
57+
Write-Host "`n[4] QZ Tray Process" -ForegroundColor White
58+
$qzRunning = $false
59+
$javaw = Get-Process javaw -ErrorAction SilentlyContinue
60+
if ($javaw) {
61+
foreach ($proc in $javaw) {
62+
$cmdLine = (Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.Id)" -ErrorAction SilentlyContinue).CommandLine
63+
if ($cmdLine -like "*qz-tray*") {
64+
Write-Host " Status: RUNNING (PID: $($proc.Id))" -ForegroundColor Yellow
65+
Write-Host " WARNING: Restart QZ Tray to load new certificate!" -ForegroundColor Red
66+
$qzRunning = $true
67+
$allGood = $false
68+
break
69+
}
70+
}
71+
}
72+
if (-not $qzRunning) {
73+
Write-Host " Status: Not running (good - start it now)" -ForegroundColor Green
74+
}
75+
76+
# Summary
77+
Write-Host "`n========================================" -ForegroundColor Cyan
78+
if ($allGood) {
79+
Write-Host "ALL CHECKS PASSED!" -ForegroundColor Green
80+
Write-Host "`nYou can now:" -ForegroundColor White
81+
Write-Host "1. Start QZ Tray" -ForegroundColor White
82+
Write-Host "2. Clear browser cache" -ForegroundColor White
83+
Write-Host "3. Test printing" -ForegroundColor White
84+
} else {
85+
Write-Host "SOME ISSUES FOUND" -ForegroundColor Yellow
86+
Write-Host "`nAction required:" -ForegroundColor White
87+
Write-Host "1. Restart QZ Tray if running" -ForegroundColor White
88+
Write-Host "2. Verify certificates are in X.509 format" -ForegroundColor White
89+
}
90+
Write-Host "========================================`n" -ForegroundColor Cyan
91+
92+
Read-Host "Press Enter to exit"

0 commit comments

Comments
 (0)