Renew your SSL certificate

Discover how to renew an SSL certificate as a self-hosted EZproxy library. As you work through these renewal instructions, your server will continue to use its existing SSL certificate. When you reach the final point where you have a new certificate and it is ready for use, you will explicitly tell EZproxy to switch over to the new certificate.

 Note: OCLC auto-renews SSL certificates for hosted EZproxy libraries. Contact OCLC Support if you have any questions.

Certificates

Before you proceed, you should review SSL certificate options for information on how remote browsers will respond based on the type of certificate you set up.

Procedure

  1. Edit user.txt and add a line similar to this:
    someuser:somepass:admin
    You can use any username for someuser and any password for somepass. You will use this account to log in to EZproxy with administrative access.
  2. Log in to your admin URL.
  3. Go to your Manage SSL URL.
  4. Locate the certificate you want to renew and click on it.
  5. In newer releases of EZproxy, an option to copy the certificate will appear.
    • If you use a self-signed certificate or if you want to change any of the information in the existing certificate, you must generate a new certificate request, so skip to the next step.
    • If everything is correct and you are purchasing a certificate, you can use the copy option to create a duplicate certificate signing request to use for renewal. If your certificate vendor has sent you an updated certificate based on your original order, you can skip to the step for applying your certificate.
    • If you did not receive a new certificate directly from your certificate vendor or if you want to submit the order to a new vendor, you can copy the certificate signing request from this page and submit it to your vendor, then skip to the step for applying your certificate.
  6. If you do not have the option to copy your certificate or if you want to change any information on the certificate, you cannot use a new certificate sent directly from your certificate authority based on your original request. Instead, you must generate a new certificate signing request.
    To do this:
    • Return to the main SSL page and select the option to create a new certificate.
    • Fill in your two-letter country code, your unabbreviated state or province (e.g. Arizona not AZ), your organization, and your e-mail address. You may fill in the optional fields as well.
    • Decide whether you want to use a self-signed certificate or purchase a certificate from a certificate authority.
      • A self-signed certificate is free, but will cause a browser warning when people access your EZproxy server. To select this option, click on the Self-Signed Certificate option. If necessary, correct errors, then select this option again. Once this is complete, skip to the step for activating your certificate.
      • If you choose to purchase a certificate from a certificate authority, you should click on Certificate Signing Request. If necessary, correct errors and click Certificate Signing Request again. Once this is complete, you will need to go to your certificate authority and start the process to purchase a certificate. When purchasing, if you are asked for your web server type, select Apache+ModSSL or just Apache as either is directly compatible with EZproxy.
  7. Once you get your certificate back from the certificate authority (this may take a few minutes to a few days):
    1. Return to http://ezproxy.yourlib.org/ssl
    2. Click on your certificate signing request, then paste the certificate into the box provided.
    3. Click Save. EZproxy should accept the certificate. If it does, the Certificate Details page will display. If your certificate authority provides a certificate authority file, you can enter this on the Certificate Details page. With the Certificate Details page still open, proceed to the next step.
  8. On the Certificate Details page, when you are ready to make the new certificate the main certificate for your server, follow the on-screen instructions to make the certificate active.
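
A check you can run before pasting the certificate in step 7: confirm that the certificate your vendor returned carries the same public key as the signing request you submitted, and that it is not about to expire. This is an added example, not part of OCLC's instructions; it assumes the openssl command-line tool is installed and that you have saved the signing request and the returned certificate as PEM files. All file names and the sample subject are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not OCLC's code). Requires the openssl command-line tool.

# Print the PEM public key embedded in a CSR ("req") or certificate ("x509").
pubkey_of() {
    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null
}

# Succeed only if the certificate ($1) carries the same public key as the CSR ($2).
cert_matches_csr() {
    cert_key=$(pubkey_of x509 "$1") || return 2
    csr_key=$(pubkey_of req "$2") || return 2
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# Succeed only if the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Build constructed sample files in directory $1: a CSR, a certificate issued
# for it (self-signed here to stand in for the CA), and an unrelated 1-day cert.
make_sample() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1/new.key" -out "$1/new.csr" \
        -subj "/C=US/ST=Arizona/O=Example Library/CN=ezproxy.yourlib.org" 2>/dev/null
    openssl x509 -req -in "$1/new.csr" -signkey "$1/new.key" -days 365 \
        -out "$1/issued.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/other.key" \
        -out "$1/other.crt" -days 1 -subj "/CN=other.example" 2>/dev/null
}

# Report on one certificate/CSR pair.
check_pair() {
    if cert_matches_csr "$1" "$2"; then echo "$1: key matches CSR"
    else echo "$1: key does NOT match CSR, do not apply"; fi
    if cert_valid_for_days "$1" 30; then echo "$1: valid for 30+ days"
    else echo "$1: expires within 30 days"; fi
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_pair "$tmp/issued.crt" "$tmp/new.csr"
check_pair "$tmp/other.crt" "$tmp/new.csr"
rm -rf "$tmp"
```

To check your own files, call check_pair with the path to the returned certificate and the path to the saved signing request.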