PDFCreator Server: Distribution of PDFCreator printer drivers to clients
Microsoft has been trying to secure the Windows printer service against a vulnerability since 2021. However, this patch (also known as the Nightmare patch) causes problems when clients want to connect to a PDFCreator network printer (or network printers from other manufacturers) as usual. Depending on the operating system, this leads to different error messages when connecting.
It is therefore necessary to pre-distribute the pdfforge certificate on these client computers in order to be able to install the PDFCreator printer drivers.
The following steps are necessary for this:
After installing PDFCreator Server, the certificate can be exported on the server. To do this, proceed as follows:
Start the certificate manager from the control panel (certmgr.msc).
Navigate to Trusted Publishers → Certificates. From there, right-click on the pdfforge certificate, then select All Tasks and then export.
After that, click Next and export the certificate in the DER format as in the following image.
There are various options for importing the certificate on the client computer.
- With the help of a group policy. The description of how to proceed is described by Microsoft. https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/distribute-certificates-to-client-computers-by-using-group-policy
- With a Powershell command (in one line):
Import-Certificate -Filepath. \ Pdfforge_certificate.cer -CertStoreLocation Cert: \ LocalMachine \ TrustedPublisher
- Via the command line:
certutil.exe -addstore TrustedPublisher pdfforge_certificate.cer
- Via the certificate manager: The import is started by double-clicking on the certificate. The certificate can be checked again in this view. Then click on Install certificate, select Local Machine, then under Place all certificates in the following store → select Trusted Publishers, then click on Finish confirm the import process.
Note: If the certificate expires soon, the time of signing is important. If the certificate was valid at the time the PDFCreator printer driver was signed, the printer drivers are also validly signed.