The main use of SSL certificates by EZproxy is to support secure web access with https. EZproxy can use https to secure login pages accessed by your users and to proxy access to licensed content that uses https in the URL.
This page will guide you through the steps required to create an SSL certificate and activate it for use by EZproxy.
These features of EZproxy use the OpenSSL Toolkit. The EZproxy program files contain the OpenSSL routines required by EZproxy, so no separate library files need to be downloaded to provide this functionality.
If you are already using an SSL certificate with EZproxy and need to renew that certificate, refer to SSL Certificate Renewal for more information.
EZproxy allows you to generate self-signed certificates or to request certificates from a certificate authority such as ipsCA, VeriSign, Thawte, etc. You must decide whether you want to use a self-signed certificate or purchase a certificate from a certificate authority. A self-signed certificate is free, but will cause a browser warning when people access your EZproxy server. For more information on differences in browser behavior, consult SSL Certificate Options.
If you purchase a certificate, make certain that you are backing up your EZproxy installation, and particularly the ssl subdirectory because if you lose these files, you may have to pay to replace the certificate.
If you find this directive, it indicates that your EZproxy server may be using a wildcard certificate that was created outside of EZproxy and imported manually. This option can interfere with certificates created within EZproxy. If you find this directive and you are planning to create a certificate from within EZproxy, you should delete this directive.
Replace someuser and somepass with the username and password you will use to log in to EZproxy with administrative access. You will use these login credentials to enable your SSL certificate in EZproxy.
The following instructions explain how to configure EZproxy to enable https support. In all of these examples, in any location where http://ezproxy.yourlib.org:2048 appears, you should substitute your own EZproxy server name and port.
443 is the preferred number as this is the standard port for use with https. However, if you already have a secure web server running on the same system as EZproxy, it will already be using port 443. In this case, you will need to either setup two separate IP addresses on your server, or you will need to pick an alternate number such as:
If you use a firewall, you may also need to configure it to allow access to the port you select.
using the admin username and password entered in your config.txt. If you use CAS, CGI, or Shibboleth for user authentication, please consult EZproxy Administration for additional steps that are required to access the administration page.
You will need to submit this text to your certificate authority.
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
In addition to the certificate for your server, the certificate authority may also provide intermediate or chained certificates. At this point, you should only be working with the certificate that has been issued for your server.
|You will be unable to save a certificate if you:
||Why this is a problem
||A certificate is bound to a key that is created as part of the original CSR and cannot be applied to any other CSR. If you make this mistake, you will need to resubmit the new CSR to your certificate authority and ask them to use it to replace your certificate.|
||Again, certificates are bound to their original CSR, so this process will fail. If you have an existing certificate that was not requested using the EZproxy CSR request generator, click Import Existing SSL Certificate on the SSL management page to enter existing certificates.
This page last revised: April 17, 2015