Ezproxy Certificate Error

EZproxy Security FAQ EZproxy Security FAQ The following FAQ provide details about EZproxy V5.7.44 and before. For the most ezproxy wildcard certificate up-to-date information on EZproxy security issues, see EZproxy & OpenSSL and ezproxy ssl certificate SSL Configuration. There are many SSL/TLS-related configuration options in EZproxy. When do I use Option EnableSSLv3, Option ezproxy ssl certificate renewal DisableSSLv2, and SSLCipherSuite? By default, EZproxy V5.7.44 disables SSL 3 and enables SSL2; however it also supports TLS 1.0. These config.txt statements control the SSL/TLS options your

Ezproxy Import Existing Ssl Certificate

instance of EZproxy will use. Option EnableSSLv3 SSL 2 and SSL 3 are older protocol definitions that normally should not be used. We provide the ability to use them since some legacy environments may need them. If you are using an environment that requires SSL 3, you can force EZproxy to use this protocol ezproxy sslciphersuite by entering the following statement before an LoginPortSSL statements in your config.txt file: Option EnableSSLv3 For more details on SSL 2 and SSL 3, please see http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0. This article also describes transport level security (TLS), the successor to SSL 2 and SSL 3. Option DisableSSLv2 By default, EZproxy V5.7.44 disables SSL 3 and enables SSL 2. Because EZproxy V5.7.44 supports TLS 1.0 for client to webserver interactions, OCLC recommends that you also disable SSL 2 in addition to the default-disabled SSL 3.To do this, place the following statement before any LoginPortSSL statements in your config.txt file: Option DisableSSLv2 After disabling SSL 2 and retaining the default setting of disabled SSL 3, your EZproxy will default to TLS 1.0. EZproxy V6.0 will have the same SSL/TLS settings as V5.7.44. EZproxy V6.1 will be built with OpenSSL V1.x, and we plan to support TLS 1.1 and 1.2 with this build. EZproxy 6.1 will disable both SSL 3 and SSL 2 by default.   SSLCipherSu

page content. Search Support & Training Contact OCLC Support System Alerts Librarian's Toolbox Bibliographic Formats and Standards Directory of OCLC Libraries ezproxy tls System alerts Online Service Center More » Product Support Training Software

Ezproxy Proxy By Port

& Reports Ordering & Billing Settings Menu Search Support & Training home Find answers to your questions

Option Ignorewildcardcertificate

Search or go to a product support page for all product support material, including documentation, training, known issues, and frequently asked questions. Search Support & Training Support https://www.oclc.org/support/services/ezproxy/faq/ezproxy-security-faq.en.html Tip WorldShare Collection Manager Transitioning your Batchload project to a data sync collection in Collection Manager?  Help is available during Office Hours on Wednesdays from 2:00 pm-3:00 pm (Eastern) and Thursdays from 11:00 am- 12:00 pm (Eastern).  Be sure to check out our Batchload transition page for more information. OCLC Technology Update Learn more about https://www.oclc.org/support/home.en.html our technology vision and roadmap for the future. Choose your region Americas United States – English Canada – English Canada – Français Latin America and Caribbean – English América Latina y el Caribe – Español Europe, Middle East and Africa Europe, Middle East and Africa – English UK and Ireland – English Deutschland, Österreich, Schweiz – Deutsch Nederland – Nederlands Asia Pacific Asia Pacific – English 亚洲太平洋地区 – 中文简体 亞洲太平洋地區 – 中文繁體 Australia and New Zealand – English Need help? OCLC Customer Support (U.S.) 6565 Kilgour Place Dublin 43017 Ohio US T: +1-614-793-8682 T: 800-848-5800 (USA) Submit a support request » OCLC Customer Support (Canada) T: +1-888-658-6583 T: +1-800-848-5800 F: +1-450-618-8029 E: OCLC Customer Support (Latin America & the Caribbean) T: +1-614-793-8682 F: +1-614-718-1026 E: In Mexico: mexico@oclc.org Para solicitar soporte técnico en español por favor escriba a soporte@oclc.org UK & Ireland Support Desk City Gate 8 St. Mary's Gate Sheffield S1 4LW GB T: +44 (0)114 267 7502 T: 0845 267 7502 (local rat

rare occasion, institutions already have a certificate with a name of *.yourlib.org. If you import this certificate manually and are using proxy by port, you will receive no errors, do not need this option, and can stop reading here. For proxy http://osdir.com/ml/education.ezproxy/2005-04/msg00012.html by hostname, the following occurs: By default, when EZproxy sees a certificate that starts with *, it assumes that the certificate would be of the form *.ezproxy.yourlib.org, which is the form needed to avoid http://library.aup.edu/ezproxy/faq.html all browser warnings. For those using proxy by hostname, take a moment to review: http://www.usefulutilities.com/support/cfg/ssl/certopts.html in the proxy by hostname column for the two purchased certificate options. To avoid all warnings in proxy by hostname, ezproxy ssl you must use a certificate with a name like *.ezproxy.yourlib.org. When EZproxy sees * at the start of a certificate, it assumes it is this type of certificate and changes its own name for https purposes to login.eproxy.yourlib.org. The login. at the start matches the *., which avoids warnings. In some cases, institutions already own a certificate of the form *.yourlib.org. This certificate is capable of matching ezproxy.yourlib.org, which ezproxy ssl certificate means that it is capable of acting like a "purchased regular" certificate. When you choose to use a certificate like this, you must warn EZproxy that it isn't a *.ezproxy.yourlib.org certificate by adding: Option IgnoreWildcardCertificate to ezproxy.cfg. When you do this, EZproxy avoids adding login. to the front of its name, which can eliminate the browser warnings DURING LOGIN ONLY. You will still get browser warnings when you proxy https web sites. The one and only way to avoid browser warnings in proxy by hostname is to purchase a wildcard certificate based on your EZproxy server's name. If anyone has specific questions that relate to their certificates, please feel free to follow up off-list so we can discuss this. Chris -- Chris Zagar Useful Utilities --- You are currently subscribed to ezproxy as: gee-ezproxy@xxxxxxxxx To unsubscribe send a blank email to leave-ezproxy-58098R@xxxxxxxxxxx Thread at a glance: Previous Message by Date: Re: Authentication error No, Dana, this is not extraordinarily stupid ... That phrase should only be applied to the questions you don't ask. If I had to guess (and that's what I'm doing), I would be willing to speculate that: your user has bookmarked a session at a remote service which has e

Purchase Suggestions Library FAQ Borrowing Books Finding the Library Getting Help Ordering Documents Placing Reserves (faculty) Using Student Lockers Staff Directory Map of the Library Fast Facts Library Committee Library Mission Research Help Databases Ask for Research Help Choosing a Topic Citation/Annotation Help Finding and Evaluating a Book Finding and Evaluating an Article Finding and Evaluating a Website "Find it @ AUP" Links Google Scholar Preferences Linking to Articles in Blackboard Research Tutorial Videos Tips for Master's Theses Hours Popular Links Databases Browse Journals Ebooks and Reference Library Hours Find Books in Other Libraries Library Staff Ask for Research Help Ezproxy FAQ - Answers to Proxy Problems The AUP Library provides remote access to its databases and online journals through a program called EZProxy. Current AUP faculty, staff and students are eligible to use our subscription databases offcampus. Internet Explorer 6.x is your browser Internet Explorer 6 defaults to a higher level of security for cookies than the databases can accept. To change this: From the menu at the top of IE, select Tools Select Internet Options Select the Privacy tab This is probably set to Medium; change to the Low setting You may need to exit Internet Explorer and open it again. The Low setting still restricts some cookies -- those that provide personal information and those that don't have a compact privacy policy. Asked to accept a certificate If you are asked to accept a certificate when you log in to a database, click Yes and then continue to the database. This is a result of the update to the proxy server software. Since EZProxy now supports Secure Socket Layers, you may be asked to accept a certificate at sites that use SSL. Error message: "That username or password was incorrect. Please try again." Are you a currently enrolled student? Because of our licenses with database vendors, you must be currently enrolled to use our databases. Is there a pop-up blocker on your machine? If so, disable it for the time that you are using the databases. AOL is your browser. Minimize AOL (don't close it), open Internet Explorer, Firefox or Netscape, and try going directly to the library's homepage. http://library.aup.edu To de