In a normal scenario, if your data is streamed through the internet without any kind of protection, someone could potentially capture and read it very easily. For example, it could be done by someone who connected to your WiFi network.
HTTPS protocol to protect data
To overcome this potential issue, websites which deliver and or manage sensitive information are using the HTTPS protocol: this is a security measure to encrypt data so it’s protected and remains unreadable if someone is able to steal it.
Within the SaaS (Software as a Service) world, there is a common option for this: vendors host customers on their own HTTPS-certified domain and allow them to use this secure access without any limitations.
Here’s an example: https://customername.vendorname.com or https://vendorname.com/customername
This usually works pretty well, especially for small companies. But large companies often need to go further as they need to deploy the SaaS application on their own domain, and get something like this: https://academy.customername.com
In all these cases, if the SaaS application supports custom certificates, organizations are able to provide their domains with HTTPS encryption and offer users a safer online environment.
How to secure your LMS data with Docebo
How can you actually leverage HTTPS protocol to secure your data? In the next few lines we’ll see the procedure to be followed with your Docebo learning management system.
The first step is to select your domain: this domain will be the master and it will be needed for all the other operations.
Let’s say that we are going with this domain: https://academy.mycompany.com.
If you haven’t already activated your custom domain app, then access your Docebo learning management system and activate it. This is easy, as you just need to go into your LMS, click on “apps & features” and then activate the custom domain app.
Now you should be able to reach your LMS at http://academy.mycompany.com, so it’s time to apply HTTPS to this domain.
HTTPS certificate for your Docebo LMS
Firstly, you have to activate the HTTPS app in your Docebo elearning platform.
A certificate is an electronic document that is released by a recognized authority that guarantees your existence and identifies your company. Some companies have wildcard certificates which cover lots of domains: you should ask for one of those certificates if they are available.
If that’s not the case, you can purchase a valid certificate by choosing from the many available vendors. In order to do so you will need a CSR that can be generated from within the Docebo HTTPS app by filling-in a simple form with your company data.
Once you have the certificate, you should also have a “.key” file with it. This file is needed to ensure safe communication between the final user and the web application. Finally, you should have a CA certificate, that is another kind of certificate that identifies the vendor who sold you the certificate.
All this info is entered into the HTTPS app. The system will perform a check on the information, and it will automatically configure HTTPS for you if everything is fine. If you encounter any difficulties, remember that our Help Desk is at your disposal at anytime and we can help you with this procedure!