Skip to main content
Blackboard Help


Secure Sockets Layer (SSL) is a protocol for protecting internet communications. SSL ensures that a communication is not read or changed by another entity. Blackboard Learn uses SSL to secure communications between the web server and the client machine.

SSL may also be used to secure the connection between Blackboard Learn and a separate server for authentication (such as an Active Directory server). If SSL will be used both for connecting to an authentication server and for client sessions, SSL for the authentication server must be configured first. To learn more about configuring SSL for securing with an integrated authentication server, see About the Authentication Framework.

Blackboard Learn 9.1 Service Pack 8 and later support SSL Offloading. See SSL Offloading.

How Does SSL Work?

SSL works through public key encryption. Transmissions are decrypted and encrypted using certificates. The steps below outline the process for establishing a connection over SSL:

  1. Client contacts the server with a list of encryption methods.
  2. The Server returns its certificate and a public key. These initial communications are scrambled with random data.
  3. Client validates the certificate.
  4. Client creates a secret string using an encryption method recognized by both the client and the server. The string is combined with the server's public key and sent back to the server.
  5. Both the client and server create session keys based on the secret string.
  6. The client sends a message to the server that it will now use the session key to encrypt and decrypt communications.
  7. The server responds that it will also use the session key.
  8. After each side confirms, the session keys are used to encrypt and decrypt communications during the session.

How to Obtain a Certificate

The simplest way to obtain a certificate for use with a Web site is through a vendor known as a Certifying Authority (CA). The process, shown in the steps below, is relatively simple.

  1. Generate a certificate request.
  2. Send the request to a CA.
  3. The CA creates and registers a certificate.
  4. Make this certificate available to the Web Server (IIS or Apache).

Certificates created in this way are usually registered and good for one year. After one year the certificate will no longer work and a new certificate must be obtained.

To remain secure, Blackboard recommends certificates with RSA key sizes at least 2048 bits in length. As per the National Institute of Standards and Technology (NIST) guidelines for Key Management (SP 800-57), Table 4 for recommended algorithms and minimum key sizes, certificates with RSA key sizes at or under 1024 bits are no longer considered secured and a minimum 2048 bits is considered secure through 2030.

If using a self-signed certificate, the certificate must be added to the list of allowed certificates on the client machine. If this is not done, the multi-upload feature will fail, as will a few other features that use SSL.

How Does SSL Appear to Users?

SSL works with the Hypertext Transfer Protocol (HTTP) to secure connections between Blackboard Learn Web server and the client machines. It is fairly easy to see when a Web page is using SSL to secure transmissions because an “s” is appended to the http at the beginning of the address.

Without SSL:

With SSL:

It is important to understand that if SSL is used to secure the Web page in this example then the first URL (without SSL) is invalid and will return a 404 error.

SSL Choice

To meet industry best practices for protecting internet communications, Blackboard recommends enabling SSL system wide instead of in select places. To that end, SSL Choice is being deprecated in SP 10. The SSL Choice option will be removed completely from an upcoming release of Blackboard Learn. If you are not already running Blackboard Learn over SSL, start planning to do so with the SP 10 release.

SSL Choice allows an institution to decide if all, none, or some of Blackboard Learn is secured with SSL. If SSL is to be used, it is most effective when applied to the entire web site and not just selected areas.

If you set SSL Choice to use SSL before you configure SSL on the web server, Blackboard Learn will not be accessible. To ensure that users can always log in, configure the web server for SSL prior to changing the SSL Choice security options.

SSL Offloading

SSL offloading relieves a web server of the processing burden of encrypting and decrypting traffic sent via SSL. If you have a system on your network that handles SSL Offloading, follow these steps to configure Blackboard Learn to make use of SSL offloading.

Ensure that Learn's HTTP port cannot be accessed directly from outside the firewall.

From the Administrator Panel

For institutions that will not redirect their entry site from HTTP to HTTPS, select the Require SSL checkbox in the IIS SSL Settings. For institutions that do need to redirect and do not have an external redirection solution, you can install URL Rewrite within IIS as follows:

  1. Install Microsoft Web Platform Installer. See
    1. Start the installer.
    2. In the Search field, search for "URL Rewrite".
    3. Select URL Rewrite and install Microsoft Web Platform Installer.
  2. Open the IIS Manager.
    1. Go to the Blackboard web site within IIS (for example, BBLEARN under Sites).
    2. In the Features view, open URL Rewrite.
    3. Click Add Rule.
    4. Click Blank Rule under the Inbound Rule section.
    5. Set the configuration as follows:
      1. Name: Rewrite HTTP to HTTPS
      2. Requested URL: Matches Pattern
      3. Using: Regular Expressions
      4. Pattern: (.*)
      5. Ignore Case: Selected
      6. Expand Conditions. Click Add.
      7. Conditions Input: {HTTPS}
      8. Check if Input String: Matches the Pattern
      9. Pattern: ^OFF$
      10. Ignore Case: Selected
      11. Expand Action and Set Action Type: Redirect
      12. Redirect URL: https://{HTTP_HOST}/{R:1}
      13. Append Query String: Selected
      14. Stop Processing of Subsequent Rules: Selected
      15. Click Apply (top-right of IIS Manager).