Why am I getting a browser warning of ERR CERT COMMON NAME INVALID after updating the SSL certificate on EZproxy
Symptom
- Users are getting a web browser warning about the EZproxy SSL certificate right after SSL certificate was updated. The warning is ERR_CERT_COMMON_NAME_INVALID
- The EZproxy prefix being used for HTTPS does not start with login. https://cptest.idm.oclc.org/login?url= is an example.
- The SSL certificate being used does not include the exact EZproxy name in either the CN or SAN fields only the wildcard entry is present.
Applies to
- EZproxy all versions
Resolution
Here is what you need to do to fix the issue:
- Update the SSL certificate to include both the exact EZproxy name and also the wild card of the EZproxy name. Using the example about *.cptest.idm.oclc.org and cptest.idm.oclc.org must be present on the SSL certificate. It does not matter which value is in which field just both must be present or https://cptest.idm.oclc.org/login?url= will generate the ERR_CERT_COMMON_NAME_INVALID browser warning
Additional information
The EZproxy prefix can also be updated to https://login. to resolve this issue as well.