Skip to main content

Setting Up Your Epson ePOS Receipt Printer

Your CloudFFL system is served over a secure HTTPS connection. Because of this, your browser requires that your receipt printer also communicate securely before it will allow the two to talk to each other. This is a one-time setup — once it's done on a computer, that computer can print receipts without any extra steps.

This guide covers the full setup for the Epson ePOS series of receipt printers (TM-T20, TM-T88, TM-m30, and similar models).

Who does this? This is a one-time IT or manager setup task — not something your cashiers need to do. Plan for about 5 minutes per computer.
Browser recommendation:
  • On a Mac → use Safari for your POS. Chrome on Mac has a known limitation with Epson printer certificates (explained at the bottom of this page).
  • On Windows → use Chrome or Edge. Both work reliably with this setup.

What You'll Need

  • The printer's IP address (check your router or the printer's network settings printout)
  • The printer's serial number (printed on the label on the bottom of the printer)
  • Access to the computer(s) you'll use for POS

Step 1: Download the Certificate from the Printer

Your Epson printer has a built-in web page for configuration. You'll log in and download its security certificate from there.

  1. On any computer on your network, open your browser and go to https://[your-printer-ip] (for example: https://192.168.1.100). You'll see a security warning — this is expected at this step.
  2. Click Advanced and then Proceed to [IP address] to get past the warning.
  3. You'll be prompted to log in. Enter:
    • ID: epson
    • Password: your printer's serial number (found on the label on the bottom of the printer)
  4. You'll land on the EPSON dashboard with several tiles: Wi-Fi, Wi-Fi Direct, Print Settings, Firmware Update, and Advanced Settings. Click Advanced Settings.
  5. At the top of the next page, click the Network Security tab (next to Status).
  6. In the left panel, click SSL/TLS, then click Certificate underneath it.
  7. Under Self-signed Certificate, click the Download button. Save the file to your Desktop — it will download as a .crt or .pem file.
No Self-signed Certificate showing? If the Download button isn't there, the printer doesn't have a certificate yet. Click Create first, fill in the printer's IP as the Common Name, set the validity period to the maximum available, click Create, then restart the printer and return to this step.

Step 2: Install the Certificate on Each POS Computer

Do this once on every computer that will be used to run POS. Choose the instructions for your operating system below.

On a Mac (recommended browser: Safari)

  1. Double-click the certificate file you downloaded. Keychain Access will open automatically.
  2. In the sidebar on the left, click System (not Login).
  3. Find the Epson certificate in the list — it will be named after your printer (for example, EPSONA311A0) and shown as a Root certificate authority. It will have a red note: "This root certificate is not trusted" — that's what we're about to fix.
  4. Double-click the certificate to open its details window.
  5. If the Trust section isn't already expanded, click the arrow next to it.
  6. Change When using this certificate to Always Trust. The sub-categories below (SSL, S/MIME, IPsec, etc.) will automatically follow.
  7. Close the window. macOS will prompt for your Mac password — enter it to save the trust settings.
  8. Quit and relaunch Safari completely (Cmd+Q, not just closing the window).
Why Safari on Mac? Chrome on macOS has a stricter certificate validation rule that Epson's built-in certificates don't meet. Safari handles them just fine. If you need Chrome on Mac, see the Using Chrome on a Mac section at the bottom of this page.

On Windows (Chrome or Edge)

  1. Right-click the certificate file you downloaded and select Install Certificate.
  2. When asked where to install it, select Local Machine and click Next. Approve the admin prompt if one appears.
  3. Select Place all certificates in the following store, then click Browse.
  4. Select Trusted Root Certification Authorities and click OK.
  5. Click Next, then Finish. You should see a confirmation that the import was successful.
  6. Close and relaunch your browser completely.
Chrome and Edge on Windows both use the Windows certificate store, so installing it once covers both browsers. Firefox uses its own store — if you use Firefox, you'll need to import the certificate separately under Firefox Settings → Privacy & Security → Certificates → Import.

Step 3: Configure the Printer in CloudFFL POS Settings

  1. Log into CloudFFL and go to Point of Sale → Configuration → Settings.
  2. Scroll down to the Connected Devices section and find the Epson Printer field.
  3. Enter just the printer's IP address — for example: 192.168.1.100. Do not include https:// — CloudFFL adds the protocol automatically.
  4. Click Save.
Common mistake: If you paste in https://192.168.1.100, the connection will fail because CloudFFL prepends https:// behind the scenes — you'd end up with https://https://192.168.1.100. Just the IP, nothing else.

Step 4: Test the Printer

  1. Open a POS session.
  2. The printer connection should establish automatically. If you see a test print or the session opens without a printer error, you're all set.
Testing tip: Complete a small $0.00 or voided test transaction to confirm the receipt actually prints before opening for the day.

Using Chrome on a Mac (Advanced)

If you specifically need to run POS in Chrome on a Mac, you'll hit a "Your connection is not private" warning when POS tries to talk to the printer — even after installing the certificate. This isn't a setup mistake — it's a limitation of how Chrome on macOS validates certificates. (Technically: Chrome requires a "Subject Alternative Name" field that Epson's self-signed certificates don't include. Safari is more lenient and accepts the certificate normally.)

Two ways to work around it:

Option A: Per-session bypass (quick, has to be re-done)

The trick is to manually visit the printer's IP in Chrome first and tell Chrome to ignore the certificate warning for this session. Once you've done that, Chrome will allow POS to talk to the printer for as long as that browser session is open.

  1. In Chrome, open a new tab and go directly to https://[your-printer-ip] — for example, https://192.168.1.100. You'll see the "Your connection is not private" warning page.
  2. Click anywhere on that warning page so it has focus. Do not look for an input field — there isn't one.
  3. Type the phrase thisisunsafe on your keyboard. Chrome listens for those exact keystrokes anywhere on the warning page.
  4. The page will reload and you'll see the printer's web interface (or a login prompt). That's your confirmation the bypass worked.
  5. Now open a new tab, go to CloudFFL POS, and open your session. The printer will connect normally and you can print receipts.
This bypass only lasts as long as the current Chrome session. If you fully quit Chrome (Cmd+Q) and relaunch it, you'll need to repeat steps 1–4 before printing again. For day-to-day POS use, Safari is the better answer on Mac.

Option B: Use Safari (recommended)

Switch your POS computers to Safari. Once the certificate is trusted in Keychain (from Step 2), Safari connects to the printer cleanly with no warnings or workarounds.

Troubleshooting

  • "Your connection is not private" in Chrome on a Mac? This is a known limitation — see the Using Chrome on a Mac section above. The fix is to use Safari, or use the thisisunsafe bypass.
  • "Your connection is not private" in Chrome or Edge on Windows?
    • Make sure you fully closed and relaunched the browser after installing the certificate — not just closed the tab.
    • Verify the certificate landed in Trusted Root Certification Authorities, not Personal. Open certmgr.msc from the Start menu to check.
    • If it still fails, try importing through Chrome's own certificate manager: go to chrome://settings/certificatesAuthorities tab → Import, and select the same certificate file.
  • Printer IP changed? If your printer gets a new IP address, you'll need to update the URL in POS settings. Consider setting a static IP for your printer in your router settings to avoid this.
  • Printer was factory reset? A factory reset wipes the certificate. You'll need to create a new one in the printer web interface and re-install it on all POS computers.
  • Multiple printers? Repeat Steps 1–2 for each printer, then configure each one separately in POS settings.
Back to top