Implementing SSL for PDS Authentication
The Ex Libris staff and site staff must confirm the exact path to the SSL certificates and names of the SSLCertificateFile and SSLCertificateKeyFile files. The certificates are located in the following directory:
$httpd_root/SSLconf/conf
If the local installation is the first installation on the server, the $httpd_root environment parameter in Primo typically refers to the following path:
/exlibris/primo/p1_1/primoe/apache
To implement the SSL changes:
- Edit the following files:
  - $httpd_root/conf/ssl.conf
  - $httpd_root/conf/ssl.conf.tml
- Make the relevant configuration changes in each of the files:
  - Confirm or change the port (the default port within the ssl.conf file is 443). For example, change the following line:
      Listen @_HTTPS_PORT
    to:
      Listen 443
  - Change the paths and names of the SSLCertificateFile and SSLCertificateKeyFile parameters. For example, change the following lines, where <r> indicates the release in which Primo was initially installed and <c> indicates the Primo copy:
      SSLCertificateFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/@_SSL_CERTFILE
      SSLCertificateKeyFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/@_SSL_CERTKEY
    to:
      SSLCertificateFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/new.cert.cert
      SSLCertificateKeyFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/new.cert.key
- In the /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl_auto file, set the SSL_FLAG parameter to Y.
- Open the following files for editing:
  - /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl
  - /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl.tml
- Add the -DSSL string to each of the files. For example, change the following line:
    HTTPD="/exlibris/primo/p<r><c>/product/bin/httpd -d /exlibris/primo/p<r><c>/primoe/apache"
  to:
    HTTPD="/exlibris/primo/p<r><c>/product/bin/httpd -d /exlibris/primo/p<r><c>/primoe/apache -DSSL"
- If mod_ssl is shared, it must be loaded explicitly via the httpd.conf file. To load it explicitly, perform the following steps:
  - Enter the following command to see that the mod_ssl.so file exists:
      ls $primo_product/local/apache/modules
  - Enter the following commands to edit the httpd.conf file:
      apcc
      vi httpd.conf
  - Add the following line to the httpd.conf file:
      LoadModule ssl_module $primo_product/local/apache/modules/mod_ssl.so
- Enter the following commands to restart the Apache server:
    apcb
    apachectl stop
    apachectl_auto
  If port 443 is used, you will need to restart the Apache server as the root user.
- Enter the following commands to edit the PDSDefinitions file:
    pdsroot
    cd program
    vi PDSDefinitions
- Change the following lines:
    our ($server_httpd) = "http://servername:8991";
    our ($server_httpsd) = "http://servername:443";
    our ($server_pds) = "http://servername:8991/pds";
  to:
    our ($server_httpd) = "https://servername:443";
    our ($server_httpsd) = "https://servername:443";
    our ($server_pds) = "https://servername:443/pds";
- Log on to the Primo Back Office.
- From the Primo Home > Ongoing Configuration Wizards > User Authentication Wizard page, select the relevant institution and edit the PDS profile.
- Set the PDS_URL and PDS_URL_INTERNAL fields to https://<server-name>:443/pds.
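
A post-change check for the file edits in this procedure, given as an added example that is not part of the Ex Libris documentation or product. The function names, the /path placeholders and the sample file contents are constructed for illustration; on a real server, pass the ssl.conf, apachectl and PDSDefinitions files named in the steps above.

```sh
# Added example, not Ex Libris code. Each check prints its findings and
# returns non-zero when something is wrong.

# ssl.conf: no unreplaced @_ template tokens; port and both cert directives set.
check_ssl_conf() {
    rc=0
    if grep -n '@_[A-Z]' "$1"; then
        echo "FAIL: unreplaced @_ placeholder in $1"; rc=1
    fi
    for name in Listen SSLCertificateFile SSLCertificateKeyFile; do
        grep -Eq "^[[:space:]]*$name[[:space:]]+[^[:space:]]" "$1" ||
            { echo "FAIL: $name is not set in $1"; rc=1; }
    done
    return $rc
}

# apachectl: the HTTPD= line must carry the -DSSL string.
check_apachectl() {
    grep -Eq '^[[:space:]]*HTTPD=.*[[:space:]]-DSSL([[:space:]"]|$)' "$1" ||
        { echo "FAIL: -DSSL missing from the HTTPD= line in $1"; return 1; }
}

# PDSDefinitions: all three $server_* values must be https:// URLs; a value
# left at http:// keeps that PDS address on a plaintext URL.
check_pds_definitions() {
    rc=0
    for name in server_httpd server_httpsd server_pds; do
        line=$(grep -v '^[[:space:]]*#' "$1" | grep -F "(\$$name)" | tail -n 1)
        case $line in
            *'"https://'*) ;;
            '') echo "FAIL: \$$name is not defined in $1"; rc=1 ;;
            *)  echo "FAIL: \$$name is not https: $line"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on constructed sample files: an edit that was left half finished.
tmp=$(mktemp -d)
printf '%s\n' 'Listen 443' 'SSLCertificateFile /path/new.cert.cert' \
    'SSLCertificateKeyFile /path/@_SSL_CERTKEY' > "$tmp/ssl.conf"
echo 'HTTPD="/path/httpd -d /path/apache"' > "$tmp/apachectl"
printf '%s\n' 'our ($server_httpd) = "https://servername:443";' \
    'our ($server_httpsd) = "https://servername:443";' \
    'our ($server_pds) = "http://servername:8991/pds";' > "$tmp/PDSDefinitions"
check_ssl_conf "$tmp/ssl.conf" || true
check_apachectl "$tmp/apachectl" || true
check_pds_definitions "$tmp/PDSDefinitions" || true
rm -rf "$tmp"
```

Run the same checks against the .tml copies as well, since the procedure edits both the live files and their templates.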