Just in case anyone was (like me) wondering how a wildcard certificate would work with multiple levels of subdomains, it turns out that EZproxy has custom support for SSL built-in and automatically converts example.org.ezproxy.example.org to use hyphens in the subdomains: example-org.ezproxy.example.org
Citing an online discussion:

> > One post I read suggested that wildcard certificates were only good for one
> > domain level, here's an excerpt:
> >
> > "Example, if the cert is for *.domain.com then a.domain.com and
> > b.domain.com hosts can use the same cert. but for hosts that have more than
> > one level of subdomain like c.d.domain.com, the cert. will not work and you
> > will get the popup warning"
> >
> > Is this comment accurate?
>
> That comment is true. For this reason, when you use a wildcard certificate on
> a server named ezproxy.yourlib.org, the wildcard certificate is for
> *.ezproxy.yourlib.org, EZproxy calls itself login.ezproxy.yourlib.org during
> secure login, and when you proxy a remote site, the periods of the hostname
> are changed to hyphens (e.g. www-somedb-com.ezproxy.yourlib.org). This avoids
> the browser warnings.

Sent from my iPhone

> On Jan 14, 2016, at 10:17 PM, Andrew Anderson <[email protected]> wrote:
>
> Eric,
>
> Check out Startcom’s StartSSL service (https://www.startssl.com), for $120
> you have the ability to generate 3-year wildcard certificates with their
> Organizational Validation level of service.
>
> Andrew
>
> --
> Andrew Anderson, President & CEO, Library and Information Resources Network,
> Inc.
> http://www.lirn.net/ | http://www.twitter.com/LIRNnotes |
> http://www.facebook.com/LIRNnotes
>
>> On Jan 14, 2016, at 21:33, Eric Hellman <[email protected]> wrote:
>>
>> I would also go with the $120 3 year wildcard cert for ezproxy. What vendor
>> are you using?
>>> On Jan 14, 2016, at 7:23 PM, Cary Gordon <[email protected]> wrote:
>>>
>>> I love the idea of Let’s Encrypt, but I recently bought a three year
>>> wildcard cert subscription for about $120. I would need to fall firmly into
>>> the true believer category to go the route you suggest.
>>>
>>> Cary
>>>
>>>> On Jan 14, 2016, at 11:20 AM, Eric Hellman <[email protected]> wrote:
>>>>
>>>> A while back, the issue of needing a wildcard certificate (not supported
>>>> by Lets Encrypt) for EZProxy was discussed.
>>>>
>>>> In my discussions with publishers about switching to HTTPS, EZProxy
>>>> compatibility has been the most frequently mentioned stumbling block
>>>> preventing a complete switch to HTTPS for some HTTPS-ready publishers. In
>>>> two cases that I know of, a publisher which has been HTTPS-only was asked
>>>> by a library customer to provide insecure service (oh the horror!) for
>>>> this reason.
>>>>
>>>> It's been pointed out to me that while Lets Encrypt is not supporting
>>>> wildcard certificates, up to 100 hostnames can be supported on a single LE
>>>> certificate. A further limit on certificates issued per week per domain
>>>> would mean that up to 500 hostnames can be registered with LE in a week.
>>>>
>>>> Are there EZProxy instances out there that need more than 500 hostnames,
>>>> assuming that all services are switched to HTTPS?
>>>>
>>>> Also, I blogged my experience talking to people about privacy at #ALAMW16.
>>>> http://go-to-hellman.blogspot.com/2016/01/not-using-https-on-your-website-is-like.html
>>>>
>>>> <http://go-to-hellman.blogspot.com/2016/01/not-using-https-on-your-website-is-like.html>
>>>>
>>>> Eric
>>>>
>>>>
>>>> Eric Hellman
>>>> President, Free Ebook Foundation
>>>> Founder, Unglue.it https://unglue.it/
>>>> https://go-to-hellman.blogspot.com/
>>>> twitter: @gluejar
>>
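
Added example, not part of the original messages and not EZproxy's own code: a Python sketch of the single-label wildcard rule quoted above, showing why the hyphenated proxy hostname is covered by *.ezproxy.yourlib.org while the dotted form is not. The function names are hypothetical; the hostnames are the ones used in the thread.

```python
# Hostnames below are the examples used in the thread.
WILDCARD = "*.ezproxy.yourlib.org"
PROXY_BASE = "ezproxy.yourlib.org"


def wildcard_matches(pattern, hostname):
    """Compare a certificate name with a hostname label by label.

    A "*" is honoured only as the whole leftmost label and stands for
    exactly one label, so it never spans a period.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def proxied_hostname(origin, proxy_base=PROXY_BASE):
    """Apply the rewrite described in the thread: periods become hyphens,
    so the remote hostname collapses into a single label.
    Assumption: hostnames that already contain hyphens are not handled
    here; the thread does not say how those are treated."""
    return origin.lower().rstrip(".").replace(".", "-") + "." + proxy_base


def compare(origin):
    """Return (name, covered?) for the dotted and the hyphenated form."""
    dotted = origin + "." + PROXY_BASE
    hyphenated = proxied_hostname(origin)
    return [(dotted, wildcard_matches(WILDCARD, dotted)),
            (hyphenated, wildcard_matches(WILDCARD, hyphenated))]


if __name__ == "__main__":
    for name, ok in compare("www.somedb.com"):
        print(f"{name:45} covered by {WILDCARD}: {ok}")
    login = "login." + PROXY_BASE
    print(f"{login:45} covered by {WILDCARD}: {wildcard_matches(WILDCARD, login)}")
```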
