Automate SSL/TLS certificate management
For hosted Primo sites that have custom domain names, the current process for deploying SSL certificates involves time-consuming manual steps and hand-offs, many of which must be repeated each time a certificate is renewed. [1]
Several institutions will soon require SSL certificates to be renewed every 90 days, at which point the current manual process will become utterly unmanageable for both Ex Libris and its customers. [2]
I propose that Ex Libris adopt an ACME-like service (such as Let's Encrypt) to fully automate SSL certificate management. The customer's responsibility would be to set up a DNS record (as they do today), but the SSL certificates would be completely managed by Ex Libris through automation. Some of our vendors are already doing this (e.g. Springshare, Elsevier), and it makes life much easier for both the customers and the vendors.
-
Nancy Babb commented
This would be a great help!
-
Beth Juhl commented
Considering that we start renewal of the annual certificate 6 weeks early (because, you know, the whole idea of expiring makes me nervous!), when and if we come to 90-day certs I'll almost be starting those new cert ticket processes before we complete the current one! Fully support this idea.
-
Ulrich Leodolter commented
We have already implemented this for some of our 57 institutions on two Primo MT installations hosted by us, and it works perfectly :)
-
Rhonda Gilbraith commented
Yes! Couldn't agree more. This is currently an annual, time-consuming stressor.
-
Patricia Farnan commented
Good idea - gave it my only remaining vote.
-
Jamen McGranahan commented
From a Systems perspective, anything that can be automated is a must, and with shrinking budgets and staff, we really, really need to make this happen.
-
Peta Hopkins commented
+1 - I have no votes left for Primo ideas, but this would be excellent
-
Allen Jones commented
+1, this would also be great if it were view-aware so that we might have different subdomains for different views (alumni.library.newschool.edu vs. search.library.newschool.edu). This is just me being greedy, though.