To use TLS to secure Blackboard Learn, the Apache™ HTTP Server (Web server) must first be set to use TLS.
Successful completion of this process requires that Solaris users are running Solaris 10, Solaris 9, or Solaris 8 with patch 112438-02.
Configuring TLS should only be done by an experienced administrator.
How to Configure TLS for Apache HTTP Server
- Log in to the Web/application server as root.
- Set the PATH to include the OpenSSL provided by Blackboard with the following commands:
- Test that OpenSSL is in the PATH by executing openssl. If OpenSSL is set in the PATH correctly, an OpenSSL> prompt will appear. Enter ‘q’ to exit the prompt. If another instance of openssl is installed on the operating system, make sure that the version supplied by Blackboard is the one that appears in the PATH.
- Create a directory to store certificates. Then change directories. For example:
- Create an RSA private key:
openssl genrsa -out server.key 2048
where server is a variable for the file name. Typically the server name is used. To learn more about RSA key size recommendations, see How to Obtain a Certificate.
- Back up this file and make sure that only root has read permissions on it. Make sure that the password is secure and can be recalled when necessary (it is needed to start the server).
- Create a Certificate Signing Request (CSR) for the server RSA private key with the following command:
openssl req -new -days 365 -key server.key -out server.csr
The -days option sets the expiration of the certificate. Most Certifying Authorities will only sign a certificate for 1 year. At that time the certificate must be re-signed.
- View the details of the CSR with the following command:
openssl req -noout -text -in server.csr
When submitting the request, it may be necessary to view the file and copy text from it for submission to the Certifying Authority (CA).
- Send the CSR to a Certifying Authority for signing. There are several commercial options available or you can sign your own if you have the capability. The output of either process is a server.crt file.
- Edit the /blackboard_home/apps/httpd/conf/httpd.conf file to include the following directive:
- Edit the /blackboard_home/config/bb-config.properties file by modifying the following attributes, as shown below.
bbconfig.unix.ssl.certificatefile=/path/server.crt
To learn more, see bb-config.properties File.
- Edit the /blackboard_home/apps/httpd/conf/ssl.conf file to designate the level of encryption. Blackboard recommends the use of strong encryption, for example:
SSLProtocol -ALL +SSLv3 +TLSv1
- Run PushConfigUpdate as shown below.
To learn more, see PushConfigUpdates.
- The SSL Choice feature can now be used to select which areas of Blackboard Learn use TLS.
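A check that can be run once the Certifying Authority returns server.crt and before the configuration files are edited, given here as an added example that is not part of the Blackboard documentation: it confirms that server.csr and server.crt carry the public key of server.key and that the key file is not accessible to group or other. The function names are made up for this example; it assumes an RSA key as created above and openssl in the PATH.

```sh
#!/bin/sh
# Added example, not Blackboard's own tooling. Function names are hypothetical.
# Assumes the RSA key, CSR and signed certificate from the steps above.

# pubkey_digest KIND FILE: print SHA-256 of the public key inside FILE.
# KIND is key, csr or crt. Fails if FILE cannot be parsed.
pubkey_digest() {
    case "$1" in
        key) pub=$(openssl rsa  -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr) pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    # An empty result must not compare equal to another empty result.
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# same_key KIND_A FILE_A KIND_B FILE_B: true if both hold the same public key.
same_key() {
    a=$(pubkey_digest "$1" "$2") || return 1
    b=$(pubkey_digest "$3" "$4") || return 1
    [ "$a" = "$b" ]
}

# key_is_private FILE: true if group and other have no permission bits set.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# verify_tls_files KEY CSR CRT: run all checks, report each failure.
verify_tls_files() {
    rc=0
    key_is_private "$1"        || { echo "FAIL: $1 is accessible to group/other" >&2; rc=1; }
    same_key key "$1" csr "$2" || { echo "FAIL: $2 was not generated from $1" >&2; rc=1; }
    same_key key "$1" crt "$3" || { echo "FAIL: $3 does not match $1" >&2; rc=1; }
    return "$rc"
}

# Usage: sh check_tls_files.sh server.key server.csr server.crt
if [ "$#" -eq 3 ]; then
    verify_tls_files "$@"
fi
```

A non-zero exit status means at least one check failed; a certificate that does not match the key would otherwise only show up as a failure when the Web server is started.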