Hi Karen,
I got caught out last week because our SSL certificate expired so I had
to get it replaced in a hurry. I didn't find the CSDirect form for
generating the CSR initially, so I just got our IT people to obtain a
new certificate from their usual sources. In other words, they
generated the key file and the CSR and got the certificate signed.
We then realised none of us knew how to install it on the Millennium
server! In the end, we were able to get it sorted out by putting the
certificate, chain file and key file in an area on the server and
Innovative installed it from there.
In other words, it is possible to get Innovative to install certificates
where the CSR has not been generated using their form and where the key
file has not been produced by them either. So if your network people
cannot do what Innovative suggest, you could try just getting them to
order the certificates in their usual way and ask Innovative to deal
with installing the key file too.
(I think that's how it was done last time our certificate was renewed in
2007 as well.)
Matthew
--
Matthew Phillips
Electronic Systems Librarian, Durham University
Durham University Library, Stockton Road, Durham, DH1 3LY
+44 (0)191 334 2941
-----Original Message-----
From: This list is for current and potential users of the Innopac system
[mailto:[log in to unmask]] On Behalf Of Karen Stevenson
Sent: 20 October 2010 14:41
To: [log in to unmask]
Subject: SAN certificates for Millennium products
Can anyone advise me on generating a SAN (Subject Name Authority)
certificate? More specifically how to generate the certificate signing
request so that I can then request the SAN certificate.
Currently we have separate certificates for Millennium WebOPAC and for
Encore. We're preparing to have SSO installed so we need to have a
wildcard or SAN certificate instead. CSDirect tells me to 'Specify the
main domain name that you will be using on the certificate. When you
submit the CSR to the certificate vendor, indicate that your request is
for a SAN certificate and provide the additional names that you would
like added'. However our University security team tell me that's not
acceptable, the certificate vendor can only sign what is generated, not
add in additional names.
I'm looking for clues as to what to do next. If anyone has successfully
installed a SAN certificate for Millennium products, please in touch!
Thanks,
Karen
---------------------------------------
Karen Stevenson
Library Management System Co-ordinator
Direct Line: +44 (0)141 330 6724
Library,
University of Glasgow,
Hillhead Street,
Glasgow, G12 8QE
www.lib.gla.ac.uk
The University of Glasgow, charity number SC004401
----------------------------------------
|