To use SSL to secure Blackboard Learn, the Apache Web server must first be set to use SSL.
Successful completion of this process requires that Solaris users are running Solaris 10, Solaris 9, or Solaris 8 with patch 112438-02.
Configuring SSL should only be done by an experienced administrator.
Once SSL is configured, the SSL Choice feature (accessible from the Administrator Control Panel) will function correctly. Trying to use the SSL Choice feature before configuring SSL for Apache can result in serious system errors.
How to Configure SSL for Apache
- Log in to the Web/application server as root.
- Set the PATH to include the OpenSSL provided by Blackboard with the following commands:
- Test that OpenSSL is in the PATH by executing openssl. If OpenSSL is set in the PATH correctly, an OpenSSL> prompt will appear. Enter ‘q’ to exit the prompt. If another instance of openssl is installed on the operating system, make sure that the version supplied by Blackboard is the version that appears in the PATH.
- Create a directory to store certificates. Then change directories. For example:
- Create an RSA private key:
openssl genrsa -out server.key 2048
where server is a variable for the file name. Typically the server name is used. See How to Obtain a Certificate for more information on RSA key size recommendations.
- Back up this file and make sure that only root has read permissions on it. Make sure that the password is secure and can be recalled when necessary (it is needed to start the server).
- Create a Certificate Signing Request (CSR) for the server RSA private key with the following command:
openssl req -new -days 365 -key server.key -out server.csr
The -days option sets the expiration of the certificate. Most Certifying Authorities will only sign a certificate for 1 year. At that time the certificate must be re-signed.
- View the details of the CSR with the following command:
openssl req -noout -text -in server.csr
When submitting the request, it may be necessary to view the file and copy text from it for submission to the Certifying Authority (CA).
- Send the CSR to a Certifying Authority for signing. There are several commercial options available or you can sign your own if you have the capability. The output of either process is a server.crt file.
- Edit the /blackboard_home/apps/httpd/conf/httpd.conf file to include the following directive:
- Edit the /blackboard_home/config/bb-config.properties file by modifying the following attributes, as shown below.
bbconfig.unix.ssl.certificatefile=/path/server.crt
To learn more, see bb-config.properties File.
- Edit the /blackboard_home/apps/httpd/conf/ssl.conf file to designate the level of encryption. Blackboard recommends the use of strong encryption, for example:
SSLProtocol -ALL +SSLv3 +TLSv1
- Run PushConfigUpdate as shown below.
To learn more, see PushConfigUpdates.
- The SSL Choice feature can now be used to select which areas of Blackboard Learn use SSL. To learn more about using SSL Choice, see SSL Choice.
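The following shell checks are an added example, not part of the original Blackboard documentation. They verify the results of the procedure above: that the private key is accessible to its owner only, that the CSR and the returned certificate were made from that key, and that ssl.conf does not leave SSLv3 enabled (RFC 7568 prohibits its use). Assumptions: the function names are hypothetical, the file names are the page's placeholders, and "all" in SSLProtocol is treated as including SSLv3.

```shell
#!/bin/sh
# Added example: checks on the files produced by the procedure above.
# Function names are hypothetical; file names are the page's placeholders.

# Succeeds only if the key file's mode grants access to its owner alone.
key_perms_ok() {
    mode=$(ls -l "$1" | cut -c1-10)
    case "$mode" in
        -r--------|-rw-------) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if the RSA modulus in $2 equals that of private key $1.
# $3 is the openssl subcommand for $2: "req" for a CSR, "x509" for a certificate.
pub_matches_key() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 2
    p=$(openssl "$3" -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ "$k" = "$p" ]
}

# Prints each active SSLProtocol line of config file $1 that leaves SSLv3 on.
# Assumption: "all" is treated as including SSLv3, as in older Apache builds.
sslv3_lines() {
    awk 'tolower($1) == "sslprotocol" {
        v3 = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            on = (substr(t, 1, 1) != "-")
            sub(/^[+-]/, "", t)
            if (t == "all" || t == "sslv3") v3 = on
        }
        if (v3) print NR ": " $0
    }' "$1"
}

# Usage: sh check_ssl.sh server.key server.csr server.crt ssl.conf
if [ "$#" -eq 4 ]; then
    key_perms_ok "$1" || echo "WARN: $1 is accessible beyond its owner"
    [ "$(ls -l "$1" | awk '{print $3}')" = root ] || echo "WARN: $1 is not owned by root"
    pub_matches_key "$1" "$2" req  || echo "WARN: $2 was not made from $1"
    pub_matches_key "$1" "$3" x509 || echo "WARN: $3 does not match $1"
    out=$(sslv3_lines "$4")
    [ -z "$out" ] || echo "WARN: SSLv3 enabled in $4 at line $out"
fi
```

Run it after the CA returns server.crt and before PushConfigUpdate; no output means every check passed.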