Skip to main content
ExLibris

Knowledge Assistant

BETA
 
  • Subscribe by RSS
  • Back
    Aleph

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      1. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. Aleph
    3. Knowledge Articles
    4. How to create a self-signed SSL certificate for the Apache of Aleph (use case: Relais sends NCIP over HTTPS requests to Aleph)

    How to create a self-signed SSL certificate for the Apache of Aleph (use case: Relais sends NCIP over HTTPS requests to Aleph)

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Additional Information
    • Article Type: General
    • Product: Aleph

    Desired Outcome Goal:
    Primary goal (scope of this KCS Article):
    A self-signed SSL certificate (signed with the Secure Hash Algorithm SHA-1) and the corresponding private key exist on the Aleph server.

    Secondary goal:
    The Apache webserver of Aleph can be configured to use this self-signed SSL certificate, so that the Relais Discovery to Delivery service can communicate with the Aleph NCIP server (via Apache and the Aleph WWW Server).

    Procedure:
    (1)
    Log on to the Aleph server as UNIX user aleph.


    (2)
    Change directory to /exlibris/tmp.


    (3)
    Create a parameter file (e.g. named self-cert.cnf) for the self-signed SSL certificate with the following contents:

    [req]
    prompt=no
    default_bits=2048
    encrypt_key=no
    default_md=sha1
    distinguished_name=dn
    string_mask=MASK:0002
    x509_extensions=ext
    [dn]
    CN=<hostname>
    [ext]
    subjectAltName=DNS:<hostname>,DNS:<alt_hostname>
    subjectKeyIdentifier=hash


    Note:
    =====
    You need to set the following two parameters:

    (3.1)
    CN=<hostname>

    Set this parameter to the full hostname which identifies the Apache webserver.

    Example:
    CN=alephprod.library.edu


    (3.2)
    subjectAltName=DNS:<hostname>,DNS:<alt_hostname>

    Set the first part of this parameter to the full hostname which identifies the Apache webserver.
    If there exists an alternative name which identifies the Apache webserver, set the second part of the parameter to that name.

    Example:
    subjectAltName=DNS:alephprod.library.edu,DNS:opac.library.edu


    (4)
    Execute the following command:

    $ openssl req -config ./self-cert.cnf -new -x509 -days 3650 -keyout ./self_sha1.key -out ./self_sha1.crt

    This command creates the self-signed SSL certificate file self_sha1.crt and the corresponding private key self_sha1.key (you can choose any name for these files).


    (5)
    Now you can enable this self-signed SSL certificate in the Apache of Aleph and proceed with the NCIP configuration in Aleph.

    Additional Information

    As of 27 March 2015, Relais Discovery to Delivery service BorrowDirect does not support SSL certificates signed with SHA-2, but requires certificates signed with SHA-1.


    View article in the Exlibris Knowledge Center
    1. Back to top
      • How to create a search index for collection description
      • How to create add'l. payment methods
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Language
      English
      Product
      Aleph
    2. Tags
      1. contype:kba
      2. Prod:Aleph
      3. Type:General
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved