Might need this in config

Option IgnoreWildcardCertificate
--
Andy Nicpon
Network & Systems Engineer
Siena College Information Technology Services

515 Loudon Rd. Loudonville, NY 12211 *or* ***@siena.edu *or*
518-783-2354
*Siena College is a learning community advancing the ideals of a liberal
arts education, rooted in its identity as a Franciscan and Catholic
institution.*
CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the
sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure, or
distribution is prohibited. If you received this e-mail and are not the
intended recipient, please inform the sender by e-mail reply and destroy
all copies of the original message.

---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send request to ***@itec.suny.edu

I didn't see any error when I connected to the site, but there's apparently some redirects that make it difficult to tell.

Reading the warning in the email I guess my first question would be:

Did you have the cert cover both lib-e2.lib.ttu.edu & *.lib-e2.lib.ttu.edu, right? Wildcards only apply to one level of subdomains if I remember correctly. So if you didn't, there would likely be an error when you tried to do something like log into the menu or admin parts.

Perhaps if you posted information from the actual certificate?

Jon Gorman
University of Ilinois


---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send req

Thank you very much!!

Lynne

From: Nicpon, Andrew [mailto:***@siena.edu]
Sent: Friday, October 17, 2014 2:47 PM
To: EZProxy discussion list
Subject: Re: [ezproxy] Problems With SSL Certificate Errors

Might need this in config

Option IgnoreWildcardCertificate

On Fri, Oct 17, 2014 at 3:36 PM, Edgar, Lynne <***@ttu.edu<mailto:***@ttu.edu>> wrote:

Hello, All:

We are experiencing SSL certificate warnings when trying to access electronic resources. OCLC is hosting EZP for us now, and suddenly we are receiving warnings when searching on and off campus. Here is the certificate warning:

[cid:***@01CFEA19.9F7F3630]

We haven’t made any new changes to the config.txt file except to add stanzas. We have even regenerated the SSL certificate and had it installed by OCLC. That didn’t work. We had OCLC load an intermediary certificate, and that didn’t work either.

Any thoughts or suggestions? Maybe you have seen this behavior? I am new to the list.

Any assistance is appreciated!

Lynne
Lynne Edgar
Systems Librarian
Texas Tech University Libraries
Box 40002
Lubbock TX 79409
***@ttu.edu<mailto:***@ttu.edu>
806-742-0846<tel:806-742-0846>




You are currently subscribed to ezproxy as: ***@siena.edu<mailto:***@siena.edu>.
To unsubscribe, send request to ***@itec.suny.edu<mailto:***@itec.suny.edu>
--
Andy Nicpon
Network & Systems Engineer
Siena College Information Technology Services

515 Loudon Rd. Loudonville, NY 12211 or ***@siena.edu<mailto:***@siena.edu> or 518-783-2354
Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution.
CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message.

You are currently subscribed to ezproxy as: ***@ttu.edu<mailto:***@ttu.edu>.
To unsubscribe, send request to ***@itec.suny.edu<mailto:***@itec.suny.edu>

---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send request to ***@itec.suny.edu

It sounds like something is incorrect on your certificate or the NAME
variable or INTERFACE is set incorrectly in the config.txt

You can get lots of information about your certificate status and errors
at this test SSL tes site.
https://www.ssllabs.com/ssltest/
--
Gary Oliver

TECH SUPPORT STAFF
SOJOURNER TRUTH LIBRARY
STATE UNIVERSITY of NEW YORK at NEW PALTZ
300 HAWK DR
NEW PALTZ, NY 12561-2493

***@newpaltz.edu <mailto:***@newpaltz.edu> 845-257-3704
*Working Hours :*

OFF: *Sunday & Monday*
Tuesday - Thursday: *11 am to 7 pm*
Friday & Saturday: *1 pm to 9 pm*


------------------------------------------------------------------------

---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send request to ***@itec.suny.edu

I see two errors when I try https://lib-e2.lib.ttu.edu/

* The certificate is not trusted because no issuer chain was provided.
* The certificate is only valid for *.lib-e2.lib.ttu.edu

The second error can be bypassed by appending login to the URL:
https://login.lib-e2.lib.ttu.edu

The second relates to the issuer. I see these values in the certificate:
CN = InCommon RSA Server CA
OU = InCommon
O = Internet2
L = Ann Arbor
ST = MI
C = US


UCF also use InCommon for EZproxy. Our values are:
CN = InCommon Server CA
OU = InCommon
O = Internet2
C = US

Hope this helps.
Athena

From: Edgar, Lynne [mailto:***@ttu.edu]
Sent: Friday, October 17, 2014 3:36 PM
To: EZProxy discussion list
Subject: [ezproxy] Problems With SSL Certificate Errors


Hello, All:

We are experiencing SSL certificate warnings when trying to access electronic resources. OCLC is hosting EZP for us now, and suddenly we are receiving warnings when searching on and off campus. Here is the certificate warning:

[cid:***@01CFEA21.D2F1B530]

We haven’t made any new changes to the config.txt file except to add stanzas. We have even regenerated the SSL certificate and had it installed by OCLC. That didn’t work. We had OCLC load an intermediary certificate, and that didn’t work either.

Any thoughts or suggestions? Maybe you have seen this behavior? I am new to the list.

Any assistance is appreciated!

Lynne
Lynne Edgar
Systems Librarian
Texas Tech University Libraries
Box 40002
Lubbock TX 79409
***@ttu.edu<mailto:***@ttu.edu>
806-742-0846




You are currently subscribed to ezproxy as: ***@ucf.edu<mailto:***@ucf.edu>.
To unsubscribe, send request to ***@itec.suny.edu<mailto:***@itec.suny.edu>

---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send request to ***@itec.suny.edu

Yes it looks like Option IgnoreWildcardCertificate

A wild card certificate does not cover the base domain name by default.
You have to buy a wild card certificate that cover the base name with a
Subjest Alternate Name. Such as Godaddy provides for free by the way.

If you recently installed a wildcard certificate with out the base name
covered that would mean the login URL would have to be changed from the
base URL to a sub domain called login.
From lib-e2.lib.ttu.edu/login...
to login.lib-e2.lib.ttu.edu/login...
--
Gary Oliver

TECH SUPPORT STAFF
SOJOURNER TRUTH LIBRARY
STATE UNIVERSITY of NEW YORK at NEW PALTZ
300 HAWK DR
NEW PALTZ, NY 12561-2493

***@newpaltz.edu <mailto:***@newpaltz.edu> 845-257-3704
*Working Hours :*

OFF: *Sunday & Monday*
Tuesday - Thursday: *11 am to 7 pm*
Friday & Saturday: *1 pm to 9 pm*


------------------------------------------------------------------------

---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send request to ***@itec.suny.edu

Thank you, Jon,

The certificate may not cover the wildcard and the non-wildcard instances. I'll check into this.

Lynne

-----Original Message-----
From: Gorman, Jon [mailto:***@illinois.edu]
Sent: Friday, October 17, 2014 2:49 PM
To: EZProxy discussion list
Subject: RE:[ezproxy] Problems With SSL Certificate Errors


I didn't see any error when I connected to the site, but there's apparently some redirects that make it difficult to tell.

Reading the warning in the email I guess my first question would be:

Did you have the cert cover both lib-e2.lib.ttu.edu & *.lib-e2.lib.ttu.edu, right? Wildcards only apply to one level of subdomains if I remember correctly. So if you didn't, there would likely be an error when you tried to do something like log into the menu or admin parts.

Perhaps if you posted information from the actual certificate?

Jon Gorman
University of Ilinois


---
You are currently subscribed to ezproxy as: ***@ttu.edu.
To unsubscribe, send request to ***@itec.suny.edu

---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscri

Thank you so much for your help. The link is great.

Lynne

From: oliverg [mailto:***@newpaltz.edu]
Sent: Friday, October 17, 2014 2:55 PM
To: EZProxy discussion list
Subject: Re: [ezproxy] Problems With SSL Certificate Errors


It sounds like something is incorrect on your certificate or the NAME variable or INTERFACE is set incorrectly in the config.txt

You can get lots of information about your certificate status and errors at this test SSL tes site.
https://www.ssllabs.com/ssltest/
On 10/17/2014 3:36 PM, Edgar, Lynne wrote:

Hello, All:

We are experiencing SSL certificate warnings when trying to access electronic resources. OCLC is hosting EZP for us now, and suddenly we are receiving warnings when searching on and off campus. Here is the certificate warning:

[cid:***@01CFEA1D.DCDA5100]

We haven’t made any new changes to the config.txt file except to add stanzas. We have even regenerated the SSL certificate and had it installed by OCLC. That didn’t work. We had OCLC load an intermediary certificate, and that didn’t work either.

Any thoughts or suggestions? Maybe you have seen this behavior? I am new to the list.

Any assistance is appreciated!

Lynne
Lynne Edgar
Systems Librarian
Texas Tech University Libraries
Box 40002
Lubbock TX 79409
***@ttu.edu<mailto:***@ttu.edu>
806-742-0846




You are currently subscribed to ezproxy as: ***@newpaltz.edu<mailto:***@newpaltz.edu>.
To unsubscribe, send request to ***@itec.suny.edu<mailto:***@itec.suny.edu>
--
Gary Oliver

TECH SUPPORT STAFF
SOJOURNER TRUTH LIBRARY
STATE UNIVERSITY of NEW YORK at NEW PALTZ
300 HAWK DR
NEW PALTZ, NY 12561-2493

***@newpaltz.edu<mailto:***@newpaltz.edu> 845-257-3704
Working Hours :

OFF: Sunday & Monday
Tuesday - Thursday: 11 am to 7 pm
Friday & Saturday: 1 pm to 9 pm

________________________________

You are currently subscribed to ezproxy as: ***@ttu.edu<mailto:***@ttu.edu>.
To unsubscribe, send request to ***@itec.suny.edu<mailto:***@itec.suny.edu>

---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send request to ***@itec.suny.edu

Thank you, Athena,

Lynne

From: Athena Hoeppner [mailto:***@ucf.edu]
Sent: Friday, October 17, 2014 2:56 PM
To: EZProxy discussion list
Subject: RE:[ezproxy] Problems With SSL Certificate Errors

I see two errors when I try https://lib-e2.lib.ttu.edu/

* The certificate is not trusted because no issuer chain was provided.
* The certificate is only valid for *.lib-e2.lib.ttu.edu

The second error can be bypassed by appending login to the URL:
https://login.lib-e2.lib.ttu.edu

The second relates to the issuer. I see these values in the certificate:
CN = InCommon RSA Server CA
OU = InCommon
O = Internet2
L = Ann Arbor
ST = MI
C = US


UCF also use InCommon for EZproxy. Our values are:
CN = InCommon Server CA
OU = InCommon
O = Internet2
C = US

Hope this helps.
Athena

From: Edgar, Lynne [mailto:***@ttu.edu]
Sent: Friday, October 17, 2014 3:36 PM
To: EZProxy discussion list
Subject: [ezproxy] Problems With SSL Certificate Errors


Hello, All:

We are experiencing SSL certificate warnings when trying to access electronic resources. OCLC is hosting EZP for us now, and suddenly we are receiving warnings when searching on and off campus. Here is the certificate warning:

[cid:***@01CFEA1F.6D296970]

We haven’t made any new changes to the config.txt file except to add stanzas. We have even regenerated the SSL certificate and had it installed by OCLC. That didn’t work. We had OCLC load an intermediary certificate, and that didn’t work either.

Any thoughts or suggestions? Maybe you have seen this behavior? I am new to the list.

Any assistance is appreciated!

Lynne
Lynne Edgar
Systems Librarian
Texas Tech University Libraries
Box 40002
Lubbock TX 79409
***@ttu.edu<mailto:***@ttu.edu>
806-742-0846




You are currently subscribed to ezproxy as: ***@ucf.edu<mailto:***@ucf.edu>.
To unsubscribe, send request to ***@itec.suny.edu<mailto:***@itec.suny.edu>

You are currently subscribed to ezproxy as: ***@ttu.edu<mailto:***@ttu.edu>.
To unsubscribe, send request to ***@itec.suny.edu<mailto:***@itec.suny.edu>

---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send request to ***@itec.suny.edu