Why am I getting a browser warning of ERR CERT COMMON NAME INVALID after updating the SSL certificate on EZproxy
Symptom
- Users are getting a web browser warning about the EZproxy SSL certificate right after SSL certificate was updated. The warning is ERR_CERT_COMMON_NAME_INVALID
- The EZproxy prefix being used for HTTPS does not start with login. https://cptest.idm.oclc.org/login?url= is an example.
- The SSL certificate being used does not include the exact EZproxy name in either the CN or SAN fields only the wildcard entry is present.
Resolution
Here is what you need to do to fix the issue:
- Update the SSL certificate to include both the exact EZproxy name and also the wild card of the EZproxy name. Using the example about *.cptest.idm.oclc.org and cptest.idm.oclc.org must be present on the SSL certificate. It does not matter which value is in which field just both must be present or https://cptest.idm.oclc.org/login?url= will generate the ERR_CERT_COMMON_NAME_INVALID browser warning
Additional information
The EZproxy prefix can also be updated to https://login. to resolve this issue as well.
Page ID
39049