Disclaimer: With the introduction of the Domain Management feature, the HTTPS app is no longer used for activating HTTPS on your platform. Please see Domain Management for more information.
If Domain Management is activated on your platform then, instead of the configuration settings for HTTPS, this section in your Advanced Settings shows a message and a link to redirect to Domain Management, with all other functionality removed.
Introduction
The HTTPS App allows you to enable HTTPS protocol as well as upload and install your SSL certificate for your custom domain and for each domain configured via the Extended Enterprise App. Please refer to the Custom Domain article to learn more about our supported levels of domains.
Activating the HTTPS app
Activate the HTTPS app as described in the Managing Apps & Features article of the Knowledge Base. The app is listed in the Docebo Additional Features tab.
Setting up the HTTPS app
In order to set up the HTTPS App, access the Admin Menu from the gear icon, then select the Advanced Settings item from the Settings section. Once you are on the Advanced Settings page, select the HTTPS tab from the tabs menu on the left side. In this tab, flag whether you want to activate HTTPS to your standard domain (yourlms.docebosaas.com
) or to your custom domain URL. You can also apply it to a domain you have created using Docebo's Extended Enterprise app when configuring the settings of that domain of the Extended Enterprise (not in the main Advanced Settings area of the platform).
Once you have selected the domain for which you want to add a certificate, move to the section below.
Please Note: Using self-signed certificates causes errors on the platform’s features. Docebo recommends reaching out to a certificate provider to generate the certificate for the HTTPS protocol in order to provide an optimal user experience.
Option 1: You already have an SSL certificate
If you already have an SSL certificate, flag the corresponding option in the Certificate section. You then need to upload the SSL certificate, the key file that was provided to you by your certificate provider, and the Intermediate CA.
Please Note: You should not upload the certificate in a compressed file (.zip). Rather, you need to open the zip file and upload the uncompressed certificate file. The key files should not be password protected.
The file should be in a PEM format and included in a text file. Acceptable file types are:
p8
key
p10
csr
cer
crl
p7c
crt
der
pem
p12
pfx
p7b
spc
p7r
The certificate file should include only the text between the following tags (include the tags in the text file):
-
From "
-----BEGIN CERTIFICATE-----
" -
to "
-----END CERTIFICATE-----
"
The text between these tags should consist of lines of exactly 64 characters, with the final line containing 64 or fewer characters (this is according to the PEM format specifications).
Once the files are uploaded, press Save to complete the process. Once the files are uploaded correctly into your platform, you will receive a message telling you that your certificate was uploaded correctly, along with the expiration date.
Please Note: The ability to upload a certificate will appear just once in the HTTPS app. If you make an error or wish to change your certificate, please contact the Help Desk for assistance.
Option 2: You do not have an SSL certificate
Please Note: Some registrars and certificate providers require you to choose the type of web server your site is hosted on in order to proceed through their registration process. In those cases choose or enter Apache as the hosting server type.
If you do not have an SSL certificate yet, you need to flag the corresponding option in the Certificate section in the HTTPS tab. To activate the HTTPS, you must buy an SSL Certificate from a third-party vendor. To do this, you must provide them with a CSR file. Your platform will generate the CSR file (at 2048 bit) on your behalf. Once you have flagged the option that you need a certificate, simply fill the form with all of the required information in order to generate the CSR file.
Descriptions of each field in the CSR form:
- Country name
- The country where your organization is legally registered.
- State or province name (full name)
- The name of the state or province where your organization is located. Do not abbreviate.
- Location name
- The name of the city where your organization is registered or located. Do not abbreviate.
- Organization name
- The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
- Organization unit
- The department in your organization that the certificate is for (for example, IT or Marketing). If applicable, enter the DBA (doing business as) name.
- Common name
- The fully-qualified domain name, or URL, you are securing. If you are requesting a Wildcard certificate, add an asterisk
*
to the left of the common name where you want the wildcard. For example,*.mydomain.com
.
Once you have finished filling out the form, press the Generate CSR File button, then download your new file. We strongly recommend downloading the key file as well and storing it in a safe place on your computer. Once you have downloaded your CSR file, send it to your SSL certificate vendor. Then, after your certificate provider sends you the SSL certificate, please select the I have my certificate and I want to upload it option and follow the steps outlined above for this option.
Adding a renewed certificate
If your certificate has been renewed and you need to upload the new certificate in the platform, you first need to delete the old certificate in this area, obtain the new certificate, then upload the new certificate using the steps outlined above. In order to keep your site always up and running, the old certificate will remain active until you perform the substitution.
Troubleshooting tips
The certificate upload will work best if the Common Name is set to the exact URL users use to access the platform. However, if you would like to set the Common Name as something other than this URL and provide the platform URL as a Subject Alternative Name, please reach out to the Docebo Helpdesk team to assist in the upload; to avoid problems, we suggest to reach out to the Docebo Helpdesk team at least one month before the expiration of the current certificate.
Once you have uploaded and set up your HTTPS certificate, we suggest checking your custom domain encryption using a tool like those in the following list to confirm that the process has been completed successfully.
Please Note: In order to have a correct training material tracking when using a custom domain, make sure that your custom domain is fully secured using HTTPS. Refer to the links listed above for more information. Also note that Docebo supports Hypertext Transfer Protocol (HTTP and HTTPS) version 1.2.