Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Implementing SSL for PDS Authentication

    The Ex Libris staff and site staff must confirm the exact path to the SSL certificates and names of the SSLCertificateFile and SSLCertificateKeyFile files. The certificates are located in the following directory:
    $httpd_root/SSLconf/conf
    If the local installation is the first installation on the server, the $httpd_root environment parameter in Primo typically refers to the following path:
    /exlibris/primo/p1_1/primoe/apache
    To implement the SSL changes:
    1. Edit the following files:
      • $httpd_root/conf/ssl.conf
      • $httpd_root/conf/ssl.conf.tml
    2. Make the relevant configuration changes in each of the files:
      • Confirm or change the port (the default port within the ssl.conf table is 443). For example, change the following line:
        Listen @_HTTPS_PORT
        to:
        Listen 443
      • Change the paths and names of the SSLCertificateFile and SSLCertificateKeyFile parameters. For example, change the following lines, where <r/> indicates the release in which Primo was initially installed and <c/> indicates the Primo copy:
        SSLCertificateFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/@_SSL_CERTFILE
        SSLCertificateFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/@_SSL_CERTKEY
        to:
        SSLCertificateFile /exlibris/primo/p<r><c>/primoe/apache/SSLconf/conf/new.cert.cert
        SSLCertificateKeyFile /exlibris/primoe/p<r><c>/primoe/apache/SSLconf/conf/new.cert.key
    3. In the /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl_auto file, set the SSL_FLAG parameter to Y.
    4. Open the following files for editing:
      • /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl
      • /exlibris/primo/p<r><c>/primoe/apache/bin/apachectl.tml
    5. Add the -DSSL string to each of the files. For example, change the following line:
      HTTPD="/exlibris/primo/p<r><c>/product/bin/httpd -d /exlibris/primo/p<r><c>/primoe/apache"
      to:
      HTTPD="/exlibris/primo/p<r><c>/product/bin/httpd -d /exlibris/primo/p<r><c>/primoe/apache -DSSL"
    6. If mod_ssl is shared, it must be loaded explicitly via the the httpd.conf file. To load it explicitly, perform the following steps:
      1. Enter the following command to see that the mod_ssl.so file exists:
        ls $primo_product/local/apache/modules
      2. Enter the following commands to edit the httpd.conf file:
        apcc
        vi httpd.conf
      3. Add the following line to the httpd.conf file:
        LoadModule ssl_module $primo_product/local/apache/modules/mod_ssl.so
    7. Enter the following commands to restart the Apache server:
      apcb
      apachectl stop
      apachectl_auto
      If port 443 is used, you will need to restart the Apache server as the root user.
    8. Enter the following commands to edit the PDSDefinitions file:
      pdsroot
      cd program
      vi PDSDefinitions
    9. Change the following lines:
      > our ($server_httpd) = "http://servername:8991";
      > our ($server_httpsd) = "http://servername:443";
      > our ($server_pds) = "http://servername:8991/pds";
      to:
      > our ($server_httpd) = "https://servername:443";
      > our ($server_httpsd) = "https://servername:443";
      > our ($server_pds) = "https://servername:443/pds";
    10. Log on to the Primo Back Office.
    11. From the Primo Home > Ongoing Configuration Wizards -> User Authentication Wizard page, select the relevant institution and edit the PDS profile .
    12. Set the PDS_URL and PDS_URL_INTERNAL fields to https://<server-name>:443/pds.