I received a wildcard certificate for our Ezproxy from IpsCa.  I and our IT staff have checked and double checked that the certificate is correctly installed along with the intermediate certificatesl.  However, only IE is allowing this certificate to be trusted.  Firefox and Safari are denying the certificate.  Any clues on what I need to do?  We are using the 2443 port, not the standard 443 port on a Linux machine.  We are on Ezproxy 5.3.  I am trying to implement the SSL for JSTOR secure access.  Any suggestions would be appreciated. 

Sincerely,

Edith List

_______________________

Edith Pfeifer List

Librarian, Associate Director

Marshall Brooks Library

Principia College

1 Maybeck Place

Elsah, IL 62028

Phone: 618.374.5076

Fax: 618.374.5107

email: edith.list <at> principia.edu

http://www.principiacollege.edu/library

_______________________

It looks like it was a chaining certificate.  Thanks for the insight!

Maureen

Is the chaining certificate added? Missing the chaining cert was what was causing our errors.

My institution renewed its SSL wildcard certificate and has been having some problems with error messages saying the site is untrusted.  Once we added the Option IgnoreWildcardCertificate to config.txt and restarted the proxy server, IE, Opera, Chrome, and ChromePlus started behaving normally again.  Firefox still gives an untrusted connection error for some reason.  I’d appreciate any advice on how to get this message to disappear.

Sincerely,
Maureen

*******************************

Maureen Olle-LaJoie

Head of Library Technology and Circulation

University of Wisconsin-River Falls

River Falls, WI  54022

Phone: 715-425-3799

Fax: 715-425-0609

E-mail: maureen.olle-lajoie <at> uwrf.edu

You are currently subscribed to ezproxy as: sfox <at> austincollege.edu.
To unsubscribe, send request to scacad <at> itec.suny.edu

You are currently subscribed to ezproxy as: maureen.olle-lajoie <at> uwrf.edu.
To unsubscribe, send request to scacad <at> itec.suny.edu

You’re very welcome, glad I could be of help. Happy 4th!

It looks like it was a chaining certificate.  Thanks for the insight!

Maureen

Is the chaining certificate added? Missing the chaining cert was what was causing our errors.

My institution renewed its SSL wildcard certificate and has been having some problems with error messages saying the site is untrusted.  Once we added the Option IgnoreWildcardCertificate to config.txt and restarted the proxy server, IE, Opera, Chrome, and ChromePlus started behaving normally again.  Firefox still gives an untrusted connection error for some reason.  I’d appreciate any advice on how to get this message to disappear.

Sincerely,
Maureen

*******************************

Maureen Olle-LaJoie

Head of Library Technology and Circulation

University of Wisconsin-River Falls

River Falls, WI  54022

Phone: 715-425-3799

Fax: 715-425-0609

E-mail: maureen.olle-lajoie <at> uwrf.edu

You are currently subscribed to ezproxy as: sfox <at> austincollege.edu.
To unsubscribe, send request to scacad <at> itec.suny.edu

You are currently subscribed to ezproxy as: maureen.olle-lajoie <at> uwrf.edu.
To unsubscribe, send request to scacad <at> itec.suny.edu

You are currently subscribed to ezproxy as: sfox <at> austincollege.edu.
To unsubscribe, send request to scacad <at> itec.suny.edu

Hello this is a summary of the issues we are resolving in the upcoming release, V5.4.1, which will be released within 2 weeks;  and issues which are being resolved in V5.5, slated for September. I am including our JIRA numbers for these issues to hopefully simplify how we refer to them. If you have questions, don’t reply to me directly as I will be on holiday but reply to ezproxy <at> oclc.org.

Thanks!

EZPROX-633

The string concatenation operator is interpreted as a character belonging to the neighboring textual constant rather than as a concatenation operator. This will be fixed in EZproxy V5.5. If you see this problem, the workaround is to insert a space around the operator. For example, this syntax UserFile("groups/" . login:instNumber.".txt") works, while UserFile("groups/".login:instNumber.".txt") does not.

EZPROX-609

In V5.4, the restart function did not correctly restart EZproxy on Windows platforms. This problem has been fixed in V5.4.1.

EZPROX-608

The IPC file (named ezproxy.ipc) isn't created on Windows platforms. This allowed multiple instances of Ezproxy to be started on a server out of the same directory. This problem has been fixed in V5.4.1.

EZPROX-611

The use of Shibboleth with groups resulted in the presentation of logup.htm instead of the completion of authentication. This problem has been fixed in V5.4.1.

EZPROX-626

EZproxy does not work Shibboleth IdP version 2.3. We understand what the issue is and are implementing a change to resolve this issue. This change will not be in V5.4.1. We anticipate fixing this problem in EZproxy V5.5, to be released in September.

EZPROX-613

The limit on number of includeFile entries was inadvertently set much smaller in V5.4. This problem has been fixed in V5.4.1. The limits set in V5.4.1 are 4096 include files allowed at a depth of up to 64 nested includes - include files with another include statement.

EZPROX-612

If EZproxy is restarted and an IPC file exists, EZproxy will now issue a message suggesting you can delete this file if you know EZproxy isn't currently running. Before this change, EZproxy would not start or issue a related message. This change is in V5.4.1.

EZPROX-627

Some sites are reporting Shibboleth authentication was not working with EZproxy V5.3 on the Solaris operating system. We are testing this scenario with V5.4.1. We do not believe this is a problem with V5.4.1.

EZPROX-632

When users authenticate using Shibboleth 1.3, each authentication results in the message: "SAMLResponse no encrypted Assertion elements" being written to the messages.txt file. This message can be ignored. We will resolve the spurious logging of this message in V5.5.

EZPROX-610

Message "SAML received assertion without a status of success, denying access" logged with a failure to authenticate with Shibboleth. This issue has existed since V5.1d and has been reported with institutions in the UK access federation. We are researching this issue and will either issue an update to EZproxy or describe a configuration method to resolve this problem as soon as we can test it.

Don Hamparian

Senior Product Manager

Web and Data Services

Identity Management & EZproxy

OCLC

mailto:hamparid <at> oclc.org

614.764.6017 (voice)

614.975.5750 (mobile)

IM, IP Phone (Skype) donhamp2

ICQ: 412-913-446

http://worldcat.org/devnet

Don.

Thanks very much for this helpful information.  It is very useful to us.

Best,

Rich

Hello this is a summary of the issues we are resolving in the upcoming release, V5.4.1, which will be released within 2 weeks;  and issues which are being resolved in V5.5, slated for September. I am including our JIRA numbers for these issues to hopefully simplify how we refer to them. If you have questions, don’t reply to me directly as I will be on holiday but reply to ezproxy <at> oclc.org.

Thanks!

EZPROX-633

The string concatenation operator is interpreted as a character belonging to the neighboring textual constant rather than as a concatenation operator. This will be fixed in EZproxy V5.5. If you see this problem, the workaround is to insert a space around the operator. For example, this syntax UserFile("groups/" . login:instNumber.".txt") works, while UserFile("groups/".login:instNumber.".txt") does not.

EZPROX-609

In V5.4, the restart function did not correctly restart EZproxy on Windows platforms. This problem has been fixed in V5.4.1.

EZPROX-608

The IPC file (named ezproxy.ipc) isn't created on Windows platforms. This allowed multiple instances of Ezproxy to be started on a server out of the same directory. This problem has been fixed in V5.4.1.

EZPROX-611

The use of Shibboleth with groups resulted in the presentation of logup.htm instead of the completion of authentication. This problem has been fixed in V5.4.1.

EZPROX-626

EZproxy does not work Shibboleth IdP version 2.3. We understand what the issue is and are implementing a change to resolve this issue. This change will not be in V5.4.1. We anticipate fixing this problem in EZproxy V5.5, to be released in September.

EZPROX-613

The limit on number of includeFile entries was inadvertently set much smaller in V5.4. This problem has been fixed in V5.4.1. The limits set in V5.4.1 are 4096 include files allowed at a depth of up to 64 nested includes - include files with another include statement.

EZPROX-612

If EZproxy is restarted and an IPC file exists, EZproxy will now issue a message suggesting you can delete this file if you know EZproxy isn't currently running. Before this change, EZproxy would not start or issue a related message. This change is in V5.4.1.

EZPROX-627

Some sites are reporting Shibboleth authentication was not working with EZproxy V5.3 on the Solaris operating system. We are testing this scenario with V5.4.1. We do not believe this is a problem with V5.4.1.

EZPROX-632

When users authenticate using Shibboleth 1.3, each authentication results in the message: "SAMLResponse no encrypted Assertion elements" being written to the messages.txt file. This message can be ignored. We will resolve the spurious logging of this message in V5.5.

EZPROX-610

Message "SAML received assertion without a status of success, denying access" logged with a failure to authenticate with Shibboleth. This issue has existed since V5.1d and has been reported with institutions in the UK access federation. We are researching this issue and will either issue an update to EZproxy or describe a configuration method to resolve this problem as soon as we can test it.

Don Hamparian

Senior Product Manager

Web and Data Services

Identity Management & EZproxy

OCLC

mailto:hamparid <at> oclc.org

614.764.6017 (voice)

614.975.5750 (mobile)

IM, IP Phone (Skype) donhamp2

ICQ: 412-913-446

http://worldcat.org/devnet

You are currently subscribed to ezproxy as: rwenger <at> mit.edu.
To unsubscribe, send request to scacad <at> itec.suny.edu