[OPEN-ILS-GENERAL] Disabling SSL in Evergreen ILS

Thu Mar 30 10:09:53 EDT 2017

For single server implementations, there are also free certificates 
available from organizations like StartSSL.

On 03/30/2017 10:04 AM, Rogan Hamby wrote:
> While SSL on an intranet may not be necessary it still isn't harmful.  
> I may be of a paranoid bent but you can have security issues even on 
> an intranet, especially large geographically distributed ones.  And 
> with the increasingly punitive behavior of browsers to punish 
> non-encrypted connections in various ways (usually with warnings and 
> such) I'd question if it would be easier to just implement the SSL for 
> the intranet than try to pass around it.
>
>
>
> Rogan Hamby
>
> Data and Project Analyst
>
> Equinox Open Library Initiative
>
> phone:  1-877-OPEN-ILS (673-6457)
>
> email:  rogan at EquinoxInitiative.org
>
> web: http://EquinoxInitiative.org
>
> On Thu, Mar 30, 2017 at 10:00 AM, Jason Stephenson <jason at sigio.com 
> <mailto:jason at sigio.com>> wrote:
>
>     I should add that the staff client requires SSL and there's no
>     easy way
>     to chagne that, so you can't completely disable SSL and expect
>     things to
>     still function properly.
>
>
>
>     On 03/30/2017 09:23 AM, Jason Stephenson wrote:
>     > Jayaraj,
>     >
>     > It would be done via the Apache configuration files. You'd move
>     > everything from the SSL enabled vhost configurations to the non-SSL
>     > vhosts, i.e everything from the port 443 configuration sections
>     to the
>     > port 80 configuration. Some of that configuration is duplicated,
>     so only
>     > the unique things need to go.
>     >
>     > There may also be some directives to force SSL on some
>     locations. You'll
>     > want to remove those also.
>     >
>     > I'm writing this from memory without looking at the files, which is
>     > alway a bad thing to do, but I think that covers it.
>     >
>     > HtH,
>     > Jason
>     >
>     > On 03/30/2017 04:16 AM, Jayaraj JR wrote:
>     >> Hello,
>     >>
>     >> Greetings of the day !
>     >>
>     >> SSL or https is a better option as far as security is
>     concerned. But the
>     >> heightened security level may not be necessary at many times
>     especially
>     >> while using Evergreen in Intranet. Besides the browser often
>     warns the
>     >> user that entering to my account in evergreen catalog is
>     dangerous if
>     >> purchased SSL is not implemented. This may often create
>     confusion for
>     >> childern and beginning users who are not well versed with
>     computers.
>     >> They are very often advised to add security exception for
>     accessing the
>     >> library catalog.
>     >>
>     >> It would appreciable, if any option or configuration is
>     available to
>     >> disable the SSL and to use the full library catalog via http.
>     >> Kindly advice the configuration to use my account in Evergreen
>     catalog
>     >> via http itself and not https
>     >>
>     >> --
>     >> Thanks in Advance,
>     >>
>     >> Jayaraj J R
>     >> Library Information Assistant
>     >> IISER Thiruvananthapuram
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libmail.georgialibraries.org/pipermail/open-ils-general/attachments/20170330/73cc559f/attachment.html>