SSL certificate options
Depending on the choices made during certificate setup, remote users may encounter various browser warnings. This page summarizes which warnings appear for each choice.
Regular versus wildcard
In the following information, regular refers to a certificate that is issued in the exact name of your EZproxy server (e.g., ezproxy.yourlib.org) whereas wildcard refers to a certificate that is issued as *. followed by the exact name of your EZproxy server (e.g., *.ezproxy.yourlib.org). These forms of certificate names are the two types that can be created from within the SSL configuration option provided by EZproxy.
If you create a wildcard certificate outside of EZproxy that is a wildcard for your domain (e.g., *.yourlib.org) and you are using Proxy by Hostname, you will receive browser warnings. This certificate will work effectively for a Proxy by Port configuration with additional options enabled. To import this certificate into EZproxy, you will need the certificate and the corresponding private RSA key.
Note: Proxy by Port is not supported in the hosted EZproxy environment.
Note on wildcard certificates: EZproxy expects the wildcard domain name to be specified with the CN element in the Subject field. The non-wildcard domain should be specified as a DNS element in the Subject Alternative Name (SAN) field.
Certificate type | Proxy by port | Proxy by hostname |
---|---|---|
Self-Signed Regular | Free. Should be used for TESTING ONLY. Single browser warning about unknown certificate authority the first time https is accessed, either during login or when accessing a proxied https web site. | Free. Should be used for TESTING ONLY. During login, single browser warning about unknown certificate. On first access to each different https proxied web server, hostname mismatch browser warning. Since there is no cost difference, self-signed wildcard is recommended over self-signed regular for proxy by hostname. |
Self-Signed Wildcard | Not applicable | Free. Should be used for TESTING ONLY. Will cause browser warnings and errors loading content. |
Certificate Authority Issued Regular (ezproxy.library.edu OR *.library.edu) | Annual purchase. No browser warnings. Recommended solution for Proxy by Port. | Annual purchase. Browser warnings after login. Multiple hostname mismatch browser warnings, one for each https proxied web site accessed. |
Certificate Authority Issued Wildcard (ezproxy.library.edu AND *.ezproxy.library.edu) | Not applicable | Annual purchase; markedly more expensive than regular certificate if purchased. No browser warnings during login or when proxying https web sites. Recommended solution for Proxy by Hostname. Newer versions of EZproxy should include the exact EZproxy name on the SSL certificate. |
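Added example (not part of the EZproxy documentation): the hostname-mismatch rows in the table above, and the CN/SAN layout from the note on wildcard certificates, modelled with the one-label wildcard rule browsers apply. The proxied hostnames are constructed samples, their form (one extra label under the server name) is an assumption, and treating CN and SAN entries as a single name set is a simplification.

```python
# Added example: models browser hostname matching (wildcard = one leftmost label).
# Hostnames are constructed samples, not taken from a real deployment.

def name_matches(pattern: str, host: str) -> bool:
    """True if a certificate name covers host; '*' stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hosts):
    """Return the hosts for which a browser would report a name mismatch."""
    return [h for h in hosts if not any(name_matches(n, h) for n in cert_names)]


def follows_ezproxy_layout(cn, san_dns, server):
    """Layout from the note: wildcard name in CN, exact server name as a SAN DNS entry."""
    server = server.lower()
    return cn.lower() == "*." + server and server in [s.lower() for s in san_dns]


SERVER = "ezproxy.yourlib.org"
# Assumed Proxy by Hostname form: one extra label under the server name.
HOSTS = [SERVER, "www-example-com." + SERVER, "db-example-org." + SERVER]

# Name sets (CN plus SAN DNS entries) for the certificate choices on this page.
CERTS = {
    "regular": ["ezproxy.yourlib.org"],
    "domain wildcard": ["*.yourlib.org"],
    "ezproxy wildcard": ["*.ezproxy.yourlib.org", "ezproxy.yourlib.org"],
}

if __name__ == "__main__":
    for label, names in CERTS.items():
        print(f"{label:17} mismatches: {uncovered(names, HOSTS) or 'none'}")
    print("CN/SAN layout ok:",
          follows_ezproxy_layout("*.ezproxy.yourlib.org", ["ezproxy.yourlib.org"], SERVER))
```

A certificate carrying only *.ezproxy.yourlib.org leaves the login host itself uncovered, which is why the exact server name is listed alongside the wildcard.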