Skip to main content
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Implementing SSL for PDS Authentication

    This information is not applicable to Primo VE environments. For more details on Primo VE configuration, see Primo VE.
    The Ex Libris staff and site staff must confirm the exact path to the SSL certificates and names of the SSLCertificateFile and SSLCertificateKeyFile files. The certificates are located in the following directory:
    If the local installation is the first installation on the server, the $httpd_root environment parameter in Primo typically refers to the following path:
    To implement the SSL changes:
    1. Edit the following files:
      • $httpd_root/conf/ssl.conf
      • $httpd_root/conf/ssl.conf.tml
    2. Make the relevant configuration changes in each of the files:
      • Confirm or change the port (the default port within the ssl.conf table is 443). For example, change the following line:
        Listen @_HTTPS_PORT
        Listen 443
      • Change the paths and names of the SSLCertificateFile and SSLCertificateKeyFile parameters. For example, change the following lines, where <r/> indicates the release in which Primo was initially installed and <c/> indicates the Primo copy:
        SSLCertificateFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/@_SSL_CERTFILE
        SSLCertificateFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/@_SSL_CERTKEY
        SSLCertificateFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/new.cert.cert
        SSLCertificateKeyFile /exlibris/primoe/p<r><c>/primoe/apache/SSLconf/conf/new.cert.key
    3. In the /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl_auto file, set the SSL_FLAG parameter to Y.
    4. Open the following files for editing:
      • /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl
      • /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl.tml
    5. Add the -DSSL string to each of the files. For example, change the following line:
      HTTPD="/exlibris/primo/p<r><c>/product/bin/httpd -d /exlibris/primo/p<r><c>/primoe/apache"
      HTTPD="/exlibris/primo/p<r><c>/product/bin/httpd -d /exlibris/primo/p<r><c>/primoe/apache -DSSL"
    6. If mod_ssl is shared, it must be loaded explicitly via the the httpd.conf file. To load it explicitly, perform the following steps:
      1. Enter the following command to see that the file exists:
        ls $primo_product/local/apache/modules
      2. Enter the following commands to edit the httpd.conf file:
        vi httpd.conf
      3. Add the following line to the httpd.conf file:
        LoadModule ssl_module $primo_product/local/apache/modules/
    7. Enter the following commands to restart the Apache server:
      apachectl stop
      If port 443 is used, you will need to restart the Apache server as the root user.
    8. Enter the following commands to edit the PDSDefinitions file:
      cd program
      vi PDSDefinitions
    9. Change the following lines:
      > our ($server_httpd) = "http://servername:8991";
      > our ($server_httpsd) = "http://servername:443";
      > our ($server_pds) = "http://servername:8991/pds";
      > our ($server_httpd) = "https://servername:443";
      > our ($server_httpsd) = "https://servername:443";
      > our ($server_pds) = "https://servername:443/pds";
    10. Log on to the Primo Back Office.
    11. From the Primo Home > Ongoing Configuration Wizards -> User Authentication Wizard page, select the relevant institution and edit the PDS profile .
    12. Set the PDS_URL and PDS_URL_INTERNAL fields to https://<server-name>:443/pds.