To use SSL to secure Blackboard Learn the IIS Web server must first be set to use SSL. Configuring SSL should only be done by an experienced Microsoft administrator.
Once SSL is configured, the SSL Choice feature (accessible from the Administrator Control Panel) will function correctly. Trying to use the SSL Choice feature before configuring SSL for Apache can result in serious system errors.
How to Configure SSL for IIS
- Open the Internet Services Manager.
- Right-click on the blackboard_bblearn Web site and select Properties from the menu.
- Click the Directory Security tab.
- Click Server Certificate in the Secure communications frame at the bottom of the tab.
- The Web Server Certificate Wizard will appear. The Status of your Web server should report that there is not a certificate installed and there are no pending requests. If anything else appears, there may be a certificate installed or a pending request already. Click Next to advance.
- Select Create a new certificate and click Next to advance.
- Select Prepare the request now, but send it later and click Next to advance.
- Enter a name for the certificate (the name of the Web site in IIS is the default) and select a bit length from the drop-down list. Blackboard recommends a bit length of 2048. See How to Obtain a Certificate in About SSL for more information on RSA key size recommendations. Click Next to advance.
- Enter the name of your Organization and your Organizational unit in the fields. This information is important to ensure that your certificate is unique and easily identified. Click Next to advance.
- Enter the Common name of the Web site. The host plus the domain name works best (example: blackboard_server.yourinstitution.edu). Click Next to advance.
- Enter the appropriate geographical information for your institution. Click Next to advance.
- Enter a file name for the certificate request or click Next to select the default and advance.
- Click Finish to create the certificate request.
- Send the certificate request to a Certifying Authority. There are several commercial vendors or you can sign your own if you have the capability. The output from the Certifying Authority will be a file with the extension .cer.
- Once you have obtained a .cer file, return to the Web Server Certificate Server as described in Steps 1-4.
- Select Process the Pending Request and click Next to advance.
- Enter the location of the .cer file and click Next to advance.
- Click Next to advance through the summary steps (be sure to review the summaries to make sure you are installing the correct certificate!).
- Return to the Properties box for the blackboard_bblearn Web site as described in Steps 1 and 2.
- If the Web Site tab is not active, select it.
- Enter 443 for the SSL Port in the Web Site Identification frame at the top of the tab.
- Blackboard recommends the use of strong encryption. Typically, strong encryption means only using SSLv3 and TLSv1 algorithms. Visit the Microsoft Support article How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services.
- Restart the server to complete the process.