Implementing SSL for PDS Authentication

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

The Ex Libris staff and site staff must confirm the exact path to the SSL certificates and names of the SSLCertificateFile and SSLCertificateKeyFile files. The certificates are located in the following directory:

$httpd_root/SSLconf/conf

If the local installation is the first installation on the server, the $httpd_root environment parameter in Primo typically refers to the following path:

/exlibris/primo/p1_1/primoe/apache

To implement the SSL changes:

Edit the following files:
- $httpd_root/conf/ssl.conf
- $httpd_root/conf/ssl.conf.tml
Make the relevant configuration changes in each of the files:
- Confirm or change the port (the default port within the ssl.conf table is 443). For example, change the following line:
  
  Listen @_HTTPS_PORT
  
  to:
  
  Listen 443
- Change the paths and names of the SSLCertificateFile and SSLCertificateKeyFile parameters. For example, change the following lines, where <r/> indicates the release in which Primo was initially installed and <c/> indicates the Primo copy:
  
  SSLCertificateFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/@_SSL_CERTFILE
  
  SSLCertificateFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/@_SSL_CERTKEY
  
  to:
  
  SSLCertificateFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/new.cert.cert
  
  SSLCertificateKeyFile /exlibris/primoe/p<r><c>/primoe/apache/SSLconf/conf/new.cert.key
In the /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl_auto file, set the SSL_FLAG parameter to Y.
Open the following files for editing:
- /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl
- /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl.tml
Add the -DSSL string to each of the files. For example, change the following line:

HTTPD="/exlibris/primo/p<r><c>/product/bin/httpd -d /exlibris/primo/p<r><c>/primoe/apache"

to:

HTTPD="/exlibris/primo/p<r><c>/product/bin/httpd -d /exlibris/primo/p<r><c>/primoe/apache -DSSL"
If mod_ssl is shared, it must be loaded explicitly via the the httpd.conf file. To load it explicitly, perform the following steps:
1. Enter the following command to see that the mod_ssl.so file exists:
  
  ls $primo_product/local/apache/modules
2. Enter the following commands to edit the httpd.conf file:
  
  apcc
  
  vi httpd.conf
3. Add the following line to the httpd.conf file:
  
  LoadModule ssl_module $primo_product/local/apache/modules/mod_ssl.so
Enter the following commands to restart the Apache server:

apcb

apachectl stop

apachectl_auto

If port 443 is used, you will need to restart the Apache server as the root user.
Enter the following commands to edit the PDSDefinitions file:

pdsroot

cd program

vi PDSDefinitions
Change the following lines:

> our ($server_httpd) = "http://servername:8991";

> our ($server_httpsd) = "http://servername:443";

> our ($server_pds) = "http://servername:8991/pds";

to:

> our ($server_httpd) = "https://servername:443";

> our ($server_httpsd) = "https://servername:443";

> our ($server_pds) = "https://servername:443/pds";
Log on to the Primo Back Office.
From the Primo Home > Ongoing Configuration Wizards -> User Authentication Wizard page, select the relevant institution and edit the PDS profile .
Set the PDS_URL and PDS_URL_INTERNAL fields to https://<server-name>:443/pds.