Introduction
The HTTPS App allows you to enable HTTPS protocol as well as upload and install your SSL certificate for your custom domain and for each domain configured via the Extended Enterprise App. Please refer to the Custom Domain article to learn more about our supported levels of domains.
Activating the HTTPS App
Activate the HTTPS app as described in the Managing Apps & Features article of the Knowledge Base. The app is listed in the Docebo Additional Features tab.
Setting Up the HTTPS App
In order to set up the HTTPS App, access the Admin Menu from the gear icon, then select the Advanced Settings item from the Settings section. Once you're on the Advanced Settings page, select the HTTPS tab from the tabs menu on the left side. In this tab, flag whether you want to activate HTTPS to your standard domain (yourlms.docebosaas.com) or to your custom domain URL. You can also apply it to a domain you've created using Docebo's Extended Enterprise app when configuring the settings of that domain of the Extended Enterprise (not in the main Advanced Settings area of the platform).
Once you've selected the domain for which you want to add a certificate, move to the section below.
Using self-signed certificates causes errors on the platform’s features. Docebo recommends reaching out to a certificate provider to generate the certificate for the HTTPS protocol in order to provide an optimal user experience.
Option 1: You Already Have an SSL Certificate
If you already have an SSL certificate, flag the corresponding option in the Certificate section. You then need to upload the SSL certificate, the key file that was provided to you by your certificate provider, and the Intermediate CA.
Please Note: You shouldn't upload the certificate in a compressed file (.zip). Rather, you need to open the zip file and upload the uncompressed certificate file. The key files should not be password protected.
The file should be in a PEM format and included in a text file. Acceptable file types are: p8, key, p10, csr, cer, crl, p7c, crt, der, pem, p12, pfx, p7b, spc, p7r. The certificate file should include only the text between the following tags (include the tags in the text file):
- From "-----BEGIN CERTIFICATE-----"
- to "-----END CERTIFICATE-----"
The text between these tags should consist of lines of exactly 64 characters, with the final line containing 64 or fewer characters (this is according to the PEM format specifications).
Once the files are uploaded, press Save to complete the process. Once the files are uploaded correctly into your platform, this message will appear
Option 2: You Don't Have an SSL Certificate
Some registrars and certificate providers require you to choose the type of web server your site is hosted on in order to proceed through their registration process. In those cases choose or enter Apache as the hosting server type.
If you don't have an SSL certificate yet, you need to flag the corresponding option in the Certificate section in the HTTPS tab. To activate the HTTPS, you must buy an SSL Certificate from a third-party vendor. To do this, you must provide them with a CSR file. Your platform will generate the CSR file (at 2048 bit) on your behalf. Once you've flagged the option that you need a certificate, simply fill the form with all of the required information in order to generate the CSR file.
Descriptions of each field in the CSR form:
- Country Name: The country where your organization is legally registered.
- State or Province Name (full name): Name of the state or province where your organization is located. Do not abbreviate.
- Location Name: Name of the city where your organization is registered/located. Do not abbreviate.
- Organization Name: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
- Organization Unit: Department in your organization the certificate is for (e.g., IT or Marketing). If applicable, enter the DBA (doing business as) name.
- Common Name: The fully-qualified domain name, or URL, you're securing. If you are requesting a Wildcard certificate, add an asterisk * to the left of the common name where you want the wildcard, for example, *.mydomain.com.
Once you've finished filling out the form, press the Generate CSR File button, then download your new file. We strongly recommend downloading the key file as well and storing it in a safe place on your computer. Once you have downloaded your CSR file, send it to your SSL certificate vendor. Then, after your certificate provider sends you the SSL certificate, please select the ‘I have my certificate and I want to upload it’ option and follow the steps outlined above for this option.
Adding a Renewed Certificate
If your certificate has been renewed and you need to upload the new certificate in the platform, you first need to delete the old certificate in this area, obtain the new certificate, then upload the new certificate using the steps outlined above. In order to keep your site always up and running, the old certificate will remain active until you perform the substitution.
Troubleshooting Tips
The certificate upload will work best if the Common Name is set to the exact URL users use to access the platform. However, if you would like to set the Common Name as something other than this URL and provide the platform URL as a Subject Alternative Name, please reach out to the Docebo Helpdesk team to assist in the upload; to avoid problems, we suggest to reach out to the Docebo Helpdesk team at least one month before the expiration of the current certificate.
Once you have uploaded and set up your HTTPS certificate, we suggest checking your custom domain encryption using a tool like the following ones to confirm that the process has been completed successfully.
In order to have a correct training material tracking when using a custom domain, make sure that your custom domain is fully secured using HTTPS. Refer to the links listed above for more information. Also note that Docebo supports Hypertext Transfer Protocol (HTTP and HTTPS) version 1.2.