Improving elearning security through HTTPS

Home / Docebo Blog / Improving elearning security through HTTPS
Protection of data is something big companies really care about. And as training is, without a doubt, an online activity which requires enormous data exchange, today we’ll share some hints about how you can secure your online training content and build a safer elearning environment in a few steps.

Usually, training content (online courses, for example, but also powerpoint presentations, as well as PDF or video files) is hosted on a Learning Management System and it is sent via the internet to users who are attending a learning program.

In a normal scenario, if your data is streamed through the internet without any kind of protection, someone could potentially capture and read it very easily. For example, it could be done by someone who connected to your WiFi network.

HTTPS protocol to protect data

To overcome this potential issue, websites which deliver and or manage sensitive information are using the HTTPS protocol: this is a security measure to encrypt data so it’s protected and remains unreadable if someone is able to steal it.

Within the SaaS (Software as a Service) world, there is a common option for this: vendors host customers on their own HTTPS-certified domain and allow them to use this secure access without any limitations.

Here’s an example: https://customername.vendorname.com or https://vendorname.com/customername

This usually works pretty well, especially for small companies. But large companies often need to go further as they need to deploy the SaaS application on their own domain, and get something like this: https://academy.customername.com

In all these cases, if the SaaS application supports custom certificates, organizations are able to provide their domains with HTTPS encryption and offer users a safer online environment.

How to secure your LMS data with Docebo

How can you actually leverage HTTPS protocol to secure your data? In the next few lines we’ll see the procedure to be followed with your Docebo learning management system.

The first step is to select your domain: this domain will be the master and it will be needed for all the other operations.

Let’s say that we are going with this domain: https://academy.mycompany.com.

If you haven’t already activated your custom domain app, then access your Docebo learning management system and activate it. This is easy, as you just need to go into your LMS, click on “apps & features” and then activate the custom domain app.

Once activated you can configure it easily by typing-in the domain name then confirming it. After the confirmation message, the system will give you a very important set of information that’s needed to properly configure your DNS. The DNS lets the world know which server is responsible for a domain, and usually your IT team is in charge of the settings.

Now you should be able to reach your LMS at http://academy.mycompany.com, so it’s time to apply HTTPS to this domain.

HTTPS certificate for your Docebo LMS

Firstly, you have to activate the HTTPS app in your Docebo elearning platform.

The procedure is exactly the same as for the custom domain. Once you have activated the app, you have two choices depending on whether you already have a valid certificate for the domain or not.

A certificate is an electronic document that is released by a recognized authority that guarantees your existence and identifies your company. Some companies have wildcard certificates which cover lots of domains: you should ask for one of those certificates if they are available.

If that’s not the case, you can purchase a valid certificate by choosing from the many available vendors. In order to do so you will need a CSR that can be generated from within the Docebo HTTPS app by filling-in a simple form with your company data.

Once you have the certificate, you should also have a “.key” file with it. This file is needed to ensure safe communication between the final user and the web application. Finally, you should have a CA certificate, that is another kind of certificate that identifies the vendor who sold you the certificate.

All this info is entered into the HTTPS app. The system will perform a check on the information, and it will automatically configure HTTPS for you if everything is fine. If you encounter any difficulties, remember that our Help Desk is at your disposal at anytime and we can help you with this procedure!