Skip to main content
ExLibris

Knowledge Assistant

BETA
  • Subscribe by RSS
    • Back
    SFX

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      2. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. SFX
    3. Product Documentation
    4. Version 4.0
    5. SFX System Administration Guide
    6. Configuring SSL - Deprecated

    Configuring SSL - Deprecated

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Configuring All SFX Instances
    2. Configuring the Virtual Host for HTTPS
    3. Configuring the Reverse Proxy Server
    This page is only relevant for customers using the old method of configuring SSL. Customers configuring SSL for the first time should use the new method described in Support for SSL.

    Configuring All SFX Instances

    In order to configure an SFX instance so that SFX and SFXAdmin are accessible using HTTPS, Apache+SSL for SFX version 4 must be configured with Apache 2.0.52.
    To configure all SFX instances:
    1. Log on as an instance user.
    2. Configure the virtual host for the HTTP server by editing the following file:

    /exlibris/sfx_ver/sfx4_1/<instance>/config/httpd.conf

    1. Load the SSL module by removing the comment sign (#) from the following lines:

    #<IfModule mod_ssl.c>

      #Include /exlibris/sfx_ver/sfx4_1/<instance>/config/ssl.config

    #</IfModule>
    1. Before this section, add the following line:

    LoadModule ssl_module /exlibris/sfx_ver/sfx4_1/app/apache/modules/mod_ssl.so
    You must list the full path of ssl.config.
    1. HTTPS and HTTP should have different log files. To create different log files, create a virtual host configuration. Locate the following text:

    Include /exlibris/sfx_ver/sfx4_1/<instance>/config/local_httpd.conf

    Add the following lines before it:

    <VirtualHost _default_:INSTANCE_PORT_NUMBER>

    #ServerAdmin webmaster@dummy-host.example.com

    #DocumentRoot /www/docs/dummy-host.example.com

     

    ServerName _default_:INSTANCE_PORT_NUMBER

    ErrorLog /exlibris/sfx_ver/sfx4_1/<instance>/logs/apache/error_log

      CustomLog      /exlibris/sfx_ver/sfx4_1/<instance>/logs/apache/access_log common

    </VirtualHost>
    INSTANCE_PORT_NUMBER is the same port that you already have for this instance. (If you do not remember the port number, use the listen port number from the configuration file.)
    1. Verify that there are no additional VirtualHost sections in the file.

    Configuring the Virtual Host for HTTPS

    To set up an HTTPS virtual host, an SSL certificate and key is required. There are two possible ways to obtain the certificate and key:
    • A site certificate can be obtained through a UW/IST Certificate Authority. This is recommended for a production environment.
    • You can generate your own certificate for testing purposes.
    To generate the SSL certificate and key:
    1. Create a subdirectory for the certificate and key:
    cd /exlibris/sfx_ver/sfx4_1/<instance>/config
    mkdir keys
    cd keys
    1. Create an RSA private key:
    openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024
    Remember your pass-phrase for future use.
    1. Remove the pass-phrase from the key:
    openssl rsa -in server.key -out server.pem
    1. Generate the CSR:
    openssl req -new -key server.key -out server.csr
    1. Enter the server host name in the Common Name field.
    2. Generate a self-signed certificate:
    openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt -set_serial XX
    1. Replace the XX in the command with any random two-digit number. This is the certificate serial number and it should be unique among your instances.
    For more information on how to generate a key and CSR, see http://slacksite.com/apache/certificate.html.
    1. For security reasons (not obligatory), the owner of the directory keys and the files located inside should be the root user:
    su -
    cd /exlibris/sfx_ver/sfx4_1/<instance>/config/keys
    chown root:root *
    chmod 775 *
    cd ..
    chown root:root keys
    • HTTP and HTTPS cannot share the same port.
    • Each instance should have its own certificate and key.
    After you have obtained an SSL certificate and key, you can configure the virtual host for SSL.
    To configure the virtual host for SSL:
    1. Copy the sample file listed in the config directory of your instance:
    sx
    cp config/ssl.config.sample config/ssl.config
    cn
    1. Edit the file /ssl.config content by replacing the following placeholders with their actual values:
    • INSTANCE_SSL_PORT_NUMBER – Replace this placeholder with the desired port number for SSL communication for the instance. (Note the default port number for SSL is 443, which can be used only by the root user.)
    • SERVER_HOST_NAME – Replace this placeholder with the server host name. The value is the same for all instances.
    • INSTANCE – Replace this placeholder with the instance name.

    Configuring the Reverse Proxy Server

    Before you can configure the reverse proxy server to support SSL, you must:
    • Create the configuration file reverse_proxy_ssl.config
    • Generate an SSL certificate and key
    To create reverse_proxy_ssl.config:
    1. Log on as the sfxglb41 user and type the following:
    cn
    cp reverse_proxy_httpd.config__ reverse_proxy_httpd_ssl.config__
    • All the instances use the same reverse proxy configuration file.
    • Use a text editor to edit reverse_proxy_httpd_ssl.config_.
    1. Before the following line:
    ProxyPass /sfxadmin/sfxglb41 http://localhost:3101/sfxadmin/sfxglb41

    add:

    SSLProxyEngine on
    1. For instances that works with SSL, there is a section with 13 lines with the name of the instance in the line. Change each line as follows:
    • Replace http with https.
    • Change the port to the SSL port of the instance.

    The following is an example of the text before the changes:

    ProxyPassReverse /sfxadmin/sfxlcl41
    http://localhost:80/sfxadmin/sfxlcl41

    The following is an example of the line after the changes – http has been changed to https, and port 80 has been changed to 90:

    ProxyPassReverse /sfxadmin/sfxlcl41
    http://localhost:90/sfxadmin/sfxlcl41
    To generate an SSL certificate and key:
    1. Log on as the sfxglb41 user.
    2. Create a subdirectory for the certificate and key:

    cd /exlibris/sfx_ver/sfx4_1/app/apache/conf

    mkdir keys

    cd keys
    1. Create an RSA private key:

    openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024
    Be sure to remember your pass-phrase for future use.
    1. Remove the pass-phrase from the key:
    openssl rsa -in server.key -out server.pem
    1. Generate the CSR.
    openssl req -new -key server.key -out server.csr
    Enter the server host name in the Common Name field.
    1. Generate a self-signed certificate.
    openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt -set_serial XX
    1. Replace the XX in the command with any random serial number made of two digits. This is the certificate serial number and it should be unique among your instances.
    2. For security reasons (not obligatory), the owner of the directory keys and the files located inside should be the root user:
    su -
    cd /exlibris/sfx_ver/sfx4_1/app/apache/conf/keys
    chown root:root *
    chmod 775 *
    cd ..
    chown root:root keys
    After you have created reverse_proxy_ssl.config and obtained an SSL certificate and key, you can configure the reverse proxy server.
    To configure the reverse proxy server:
    1. Configure the virtual host for HTTP by adding the following lines at the end of /exlibris/sfx_ver/sfx4_1/proxy/conf/httpd.conf:
    <VirtualHost default:PROXY_HTTP_PORT >
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /www/docs/dummy-host.example.com
    ServerName default:PROXY_HTTP_PORT
    ErrorLog /exlibris/sfx_ver/sfx4_1/proxy/logs/
    error_log
    CustomLog /exlibris/sfx_ver/sfx4_1/proxy/logs/
    access_log common
    ProxyRequests Off
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>
    RewriteEngine on
    Include /exlibris/sfx_ver/sfx4_1/sfxglb41/config/
    reverse_proxy_httpd.config__
    </VirtualHost>

    In the previous example, PROXY_HTTP_PORT is the port number for accessing the HTTP proxy server (for example, 3020).

    The include line for the reverse_proxy_httpd.config file has to go inside the VirtualHost section.
    1. Add SSL support by adding the following lines at the end of /exlibris/sfx_ver/sfx4_1/proxy/conf/httpd.conf

    <IfModule mod_ssl.c>

       Include /exlibris/sfx_ver/sfx4_1/app/apache/conf/ssl.config

    </IfModule>

    :

    1. Configure SSL Enabled Virtual Hosts.
    2. Copy the sample file located in the config directory of the sfxglb41 instance:

    cp /exlibris/sfx_ver/sfx4_1/sfxglb41/config/proxy_ssl.config.sample /exlibris/sfx_ver/sfx4_1/app/apache/conf/ssl.config
    1. Edit the new file content by replacing the following placeholders with their proper values:
    • PROXY_HTTPS_PORT – Replace this placeholder with the desired port value (for example, 3050).
    • SERVER_HOST_NAME – Replace this placeholder with the server host name. This value is the same for all instances.
    View article in the Exlibris Knowledge Center
    1. Back to top
      • eBook Search Set-Up Instructions
      • Target Activation for Discovery with Primo and CDI
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Content Type
      Documentation
      Language
      English
      Product
      SFX
    2. Tags
      This page has no tags.
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved