Certificate name: Must be a wildcard entry containing "*.", for example, *.Your certificate must contain the following: If you are using EZproxy V6.0.8 or earlier, EZproxy will not use the SAN field when looking for domains. Wildcard Certificates and EZproxy V6.0.8 and Earlier If you are generating a self-signed certificate, you can select any combination of entries for these fields because all self-signed certificates generate browser warnings. If your CSA requires you to enter your server's wildcard name in the SAN field, you must be running EZproxy V6.1 or later. For details about these fields and other optional fields, refer to your certificate authority's documentation. The options you select in these fields will depend upon the requirements of your Certificate Signing Authority (CSA). Subject Alternate Name: The name(s) that will appear in the SAN field of your certificate.Certificate name: The name that will appear in the CN field of your certificate.If EZproxy is configured to Proxy by Hostname and you are running EZproxy V6.1 or later, you will also see the following options. Wildcard Certificates and EZproxy V6.1 and Later Administrator email: your email address.State or Province: your unabbreviated state or province (e.g.In the Create New SSL Certificate form, when creating a new certificate for both Proxy by Port and Proxy by Hostname configurations, you must fill in the following required information.On the SSL management page, click Create New SSL Certificate.This page is referred to as the SSL management page throughout the rest of this document. From the EZproxy administration page, under the Miscellaneous heading, click on Manage SSL (https) certificates.If you use CAS, CGI, or Shibboleth for user authentication, please consult EZproxy Administration for additional steps that are required to access the administration page. Using the admin username and password entered in your config.txt. Login to your EZproxy server at your admin URL:.If you use a firewall, you may also need to configure it to allow access to the port you select. In this case, you will need to either set up two separate IP addresses on your server, or you will need to pick an alternate number such as: If you already have a secure web server running on the same system as EZproxy, it will already be using port 443. If you are using proxy by hostname, or if you are using proxy by port and want to use https to encrypt user login processing, edit config.txt and add the line:Ĥ43 is the preferred number as this is the standard port for use with https. In all of these examples, in any location where appears, you should substitute your own EZproxy server name and port. The following instructions explain how to configure EZproxy to enable https support. If you purchase a certificate, make certain that you are backing up your EZproxy installation, and particularly the ssl subdirectory because if you lose these files, you may have to pay to replace the certificate. If you are using Proxy by Hostname, a wildcard certificate will ensure your users do not see browser warnings during login or when proxying https web sites.įor more information on differences in browser behavior, consult SSL Certificate Options.If you are using Proxy by Port, you do not need a wildcard certificate.You must also determine whether to use a wildcard certificate. A certificate purchased from a Certificate Signing Authority will allow a user to access https URLs without browser warnings.Users can choose to ignore the browser warning and move on to the resource. A self-signed certificate is free, but will cause a browser warning when people access your EZproxy server.You must decide whether you want to use a self-signed certificate or purchase a certificate from a certificate authority. EZproxy allows you to generate self-signed certificates or to request certificates from a certificate authority such as VeriSign, Thawte, etc.
0 Comments
Leave a Reply. |