Option ForceWildcardCertificate
Option ForceWildcardCertificate allows EZproxy administrators to treat the installed SSL certificate as a wildcard certificate. This is necessary in cases where the Certificate Name of the installed SSL certificate does not include a wildcard entry, and the wildcard entry appears instead in the Subject Alternate Name field. This is a rarely used directive, as EZproxy V6.1 and later should read SSL certificates correctly by default.
Option ForceWildcardCertificate is a position-independent directive that interacts with the installed SSL certificate. This directive will cause EZproxy to look in both the Common Name (CN) and the Subject Alternate Name (SAN) fields for a wildcard entry, such as:
*.ezproxy.yourlib.org
This directive is compatible with EZproxy V6.1 and later. EZproxy V6.1 should read the CN and SAN for a wildcard entry by default; however, if you experience any of the problems below, this directive might be necessary:
- Browser warnings when accessing administration https URLs
- Difficulty accessing https hostnames. For example, when you click on the starting point URL http://ezproxy.yourlib.org/login?url=https://www.researchdb.com, you should see it rewritten in your browser as https://www-somedb-com.ezproxy.yourlib.org. If you do not see https URLs rewritten in this way with hyphens you may be experiencing wildcard certificate problems. Adding Option ForceWildcardCertificate should resolve these issues.