SSL Certificate Renewal

The following information is valid for EZproxy 2.0e or later.

Certificates

Before you proceed, you should review SSL Certificate Options for information on how remote browsers will respond based on the type of certificate you set up.

Procedure

The following instructions explain how to renew an SSL certificate. As you work through these renewal instructions, your server will continue to use its existing SSL certificate. When you reach the final point where you have a new certificate and it is ready for use, you will explicitly tell EZproxy to switch over to the new certificate.

  1. Edit user.txt/ezproxy.usr and add a line similar to this:
    someuser:somepass:admin
    You can pick any username for someuser and any password for somepass. You will use this account to log in to EZproxy with administrative access.
  2. Log in to your EZproxy server using a URL like:
    http://ezproxy.yourlib.org:2048/login
    changing ezproxy.yourlib.org:2048 to the hostname and port of your EZproxy server and using the username and password that were created in the first step.

    If you use CGI processing, you will need to log in to your EZproxy server using a URL like:

    http://ezproxy.yourlib.org:2048/login?user=someuser&pass=somepass
  3. Go to a URL like:
    http://ezproxy.yourlib.org:2048/ssl
    to access a list of your SSL certificates. Locate the certificate you want to renew and click on it.
  4. In newer releases of EZproxy, an option to copy the certificate will appear.

    If you use a self-signed certificate or if you want to change any of the information in the existing certificate, you must generate a new certificate request so skip to the next step.

    If everything is correct and you are purchasing a certificate, you can use the copy option to create a duplicate certificate signing request to use for renewal. If your certificate vendor has sent you an updated certificate based on your original order, you can skip to the step for applying your certificate.

    If you did not receive a new certificate directly from your certificate vendor or if you want to submit the order to a new vendor, you can copy the certificate signing request from this page and submit it to your vendor, then skip to the step for applying your certificate.

  5. If you do not have the option to copy your certificate or if you want to change any information on the certificate, you will NOT be able to use a new certificate sent directly from your certificate authority based on your original request, but will have to generate a new certificate signing request.

    To do this, return to the main SSL page and select the option to create a new certificate. On this page, you must fill in your two-letter country code, your unabbreviated state or province (e.g. Arizona not AZ), your organization, your e-mail address, and you may fill in the optional fields as well.

    You must now decide whether you want to use a self-signed certificate or purchase a certificate from a certificate authority.

    A self-signed certificate is free, but will cause a browser warning when people access your EZproxy server. To select this option, click on the Self-Signed Certificate option. If necessary, correct errors, then select this option again. Once this is complete, skip to the step for activating your certificate.

    If you choose to purchase a certificate from a certificate authority, you should click on Certificate Signing Request. If necessary, correct errors and click Certificate Signing Request again. Once this is complete, you will need to go to your certificate authority and start the process to purchase a certificate. When purchasing, if you are asked for your web server type, select Apache+ModSSL or just Apache as either is directly compatible with EZproxy.

    When you are asked for your certificate signing request, copy everything between the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines, including all the hyphens, and paste this into the box provided by your certificate authority.

  6. Once you get your certificate back from the certificate authority (this may be a few minutes to a few days later), use the from above to return to:

    http://ezproxy.yourlib.org:2048/ssl

    and click on your certificate signing request, then paste the certificate into the box provided and click Save. EZproxy should accept the certificate. If it does, the Certificate Details page will display. If your certificate authority provides a certificate authority file, you can enter this on the Certificate Details page. With the Certificate Details page still open, proceed to the next step.

  7. On the Certificate Details page, when you are ready to make the new certificate the main certificate for your server, follow the on-screen instructions to make the certificate active.
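
A frequent cause of a rejected request or certificate in the copy-and-paste steps above is a block that lost a marker line, some hyphens, or part of its body. The following is an added example, not part of EZproxy or its documentation: a standard-library Python check that a pasted block is complete and is the kind expected (CERTIFICATE REQUEST when submitting to the certificate authority, CERTIFICATE when pasting the result back). The function names and the sample block are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END ([A-Z0-9 ]+)-----", re.DOTALL)

def der_length_ok(der: bytes) -> bool:
    """True if der is a single ASN.1 SEQUENCE whose declared length fits exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short form: length in one byte
        header, body_len = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + body_len == len(der)

def check_pem(text: str, expected_label: str) -> list:
    """Return problems found in a pasted PEM block; an empty list means intact."""
    m = PEM_RE.search(text)
    if not m:
        return ["no complete BEGIN/END block (marker line or hyphens missing)"]
    begin, body, end = m.groups()
    problems = []
    if begin != end:
        problems.append(f"BEGIN {begin} does not match END {end}")
    if begin != expected_label:
        problems.append(f"expected {expected_label}, found {begin}")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return problems + ["body is not valid base64"]
    if not der_length_ok(der):
        problems.append("DER length mismatch: block is truncated or has extra data")
    return problems

def constructed_pem(label: str) -> str:
    """Constructed sample: a 200-byte dummy SEQUENCE, not a real CSR or certificate."""
    b64 = base64.b64encode(b"\x30\x81\xc8" + bytes(range(200))).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])

if __name__ == "__main__":
    sample = constructed_pem("CERTIFICATE REQUEST")
    print(check_pem(sample, "CERTIFICATE REQUEST"))      # intact block
    print(check_pem(sample.replace("-----BEGIN", "BEGIN"), "CERTIFICATE REQUEST"))
```

This only checks that the block survived copying; it does not validate signatures, and EZproxy itself still decides whether the pasted certificate is accepted.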