The HTTPS App allows you to enable https protocol as well as upload and install your SSL certificate for your custom domain and for each domain configured via the Multidomain App. Please refer to the Custom Domain article to learn more about our supported levels of domains.
Activating the HTTPS App
Begin by logging into your platform as the Superadmin. Access the Admin Menu from the gear icon in the header, then select the Apps and Features item in the menu. Next, select the Additional Features tab in the tab menu near the top of the page.
Then, find the HTTPS App from the list of apps in this tab, and press Try it For Free in the app’s row. Read the information, then select Start Free Trial. Please note that after the trial period ends, you will be charged for this app, as it is not a free feature. Once the app is activated in your platform, it can be accessed from the Admin menu. Let’s take a look at how to configure the app.
Setting Up the HTTPS App
In order to set up the HTTPS App, access the Admin Menu from the gear icon, then select the Advanced Settings item from the Settings section. Once you’re on the Advanced Settings page, select the HTTPS tab from the tabs menu on the left side. In this tab, flag whether you want to activate HTTPS to your standard domain (yourlms.docebosaas.com) or to your custom domain URL. You can also apply it to a domain you’ve created using Docebo’s Multidomain app when configuring the settings of that multidomain (not in the main Advanced Settings area of the platform).
Once you’ve selected the domain for which you want to add a certificate, move to the section below.
Option 1: You Already Have an SSL Certificate
If you already have an SSL certificate, flag the corresponding option the Certificate section. You then need to upload the SSL certificate, the key file that was provided to you by your certificate provider, and the Intermediate CA.
Please Note: You shouldn’t upload the certificate in a compressed file (.zip). Rather, you need to open the zip file and upload the uncompressed certificate file. The key files should not be password protected.
The file should be in a PEM format and included in a text file. Acceptable file types are: p8, key, p10, csr, cer, crl, p7c, crt, der, pem, p12, pfx, p7b, spc, p7r. The certificate file should include only the text between the following tags (include the tags in the text file):
- From “—–BEGIN CERTIFICATE—–“
- to “—–END CERTIFICATE—–“
The text between these tags should consist of lines of exactly 64 characters, with the final line containing 64 or fewer characters (this is according to the PEM format specifications).
Once the files are uploaded, press Save to complete the process. Once the files are uploaded correctly into your platform, this message will appear
Option 2: You Don’t Have an SSL Certificate
If you don’t have an SSL certificate yet, you need to flag the corresponding option in the Certificate section in the HTTPS tab. To activate the https, you must buy an SSL Certificate from a third party vendor. To do this, you must provide them with a CSR file. Your Docebo LMS will generate the CSR file (at 2048 bit) on your behalf. Once you’ve flagged the option that you need a certificate, simply fill the form with all of the required information in order to generate the CSR file.
Descriptions of each field in the CSR form:
- Country Name: The country where your organization is legally registered.
- State or Province Name (full name): Name of the state or province where your organization is located. Do not abbreviate.
- Location Name: Name of the city where your organization is registered/located. Do not abbreviate.
- Organization Name: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.
- Organization Unit: Department in your organization the certificate is for (e.g., IT or Marketing). If applicable, enter the DBA (doing business as) name.
- Common Name: The fully-qualified domain name, or URL, you’re securing. If you are requesting a Wildcard certificate, add an asterisk * to the left of the common name where you want the wildcard, for example *.mydomain.com.
Once you’ve finished filling out the form, press the Generate CRS File button, then download your new file. We strongly recommend downloading the key file as well, and store it in a safe place on your computer. Once you have downloaded your CSR file, send it to your SSL certificate vendor. Then, after your certificate provider sends you the SSL certificate, please select the ‘I have my certificate and I want to upload it’ option and follow the steps outlined above for this option.
Adding a Renewed Certificate
If your certificate has been renewed and you need to upload the new certificate in the platform, you first need to delete the old certificate in this area, obtain the new certificate, then upload the new certificate using the steps outlined above. In order to keep your site always up and running, the old certificate will remain active until you perform the substitution.
The certificate upload will work best if the Common Name is set to the exact URL users use to access the LMS. However, if you would like to set the Common Name as something other than this URL and provide the platform URL as a Subject Alternative Name, please reach out to the Docebo Helpdesk team to assist in the upload.
Once you have uploaded and set up your HTTPS certificate, we suggest checking your custom domain encryption using a tool like the following ones to confirm that the process has been completed successfully.
Please note: In order to have a correct learning object tracking when using a custom domain, make sure that your custom domain is fully secured using HTTPS. Refer to the links listed above for more information. Also note that Docebo supports Hypertext Transfer Protocol (HTTP and HTTPS) version 1.1.