To fully customize your portal, TalentLMS lets you map a custom domain instead of using the default TalentLMS domain. However, for your website to be secure and certified as safe for users and visitors, you need to set up an SSL (Secure Sockets Layer) connection.
SSL certificates are used to establish a secure encrypted connection between a server (i.e., the website) and a web browser (i.e., the end user's computer). An SSL connection protects all the sensitive data (i.e., passwords, etc.) exchanged during sessions (i.e., visits to the website). At the same time, it boosts credibility by labeling a website as safe and trustworthy (i.e., the lock symbol next to the URL).
In theory, one can use a self-signed SSL certificate to secure their connection. However, most systems, including browsers, don’t trust self-certified certificates. Instead, they rely on trusted third-party entities known as Certificate Authorities (CA) to vouch for the authenticity of an SSL certificate (nearly always for a fee). There are many types of SSL certificates and many providers to choose from.
TalentLMS offers you two options for securing and certifying your custom domain:
- Use our SSL certificate by LetsEncrypt.
- Use an SSL certificate by the CA of your choice.
Let’s have a closer look.
Activating SSL for a custom domain requires a certain level of technical expertise and collaboration between your team and ours.
A. Activate your SSL certificate for your custom domains
From TalentLMS 3.5 onwards, we have simplified the SSL activation process by integrating with LetsEncrypt to offer you an SSL certificate for your custom domain. This is enabled by default for Basic, Plus, and Premium plans.
|Note: Due to restrictions by the LetsEncrypt service, our SSL certificate can cover up to 100 different hostnames. If your portal has or is expected to have more than 99 branches, then you must issue your own wildcard SSL certificate.
After you setup your custom domain mapping, in less than 24 hours your LetsEncrpyt SSL will be installed and will secure your main domain and branches (if using).
First, you need to choose one of the many acclaimed Certificate Authorities such as GeoTrust, Comodo, Symantec, and Thawte. For your convenience, all major domain providers (e.g., GoDaddy, NameCheap) let you purchase an SSL certificate from various CAs directly from your admin interface.
|Note: If your SSL issuer does not provide a private key with your certificate, you can generate a CSR and private key in TalentLMS which can be used to build your custom SSL certificate. Just follow the steps in this article.
After selecting your provider, just follow these steps:
1. Make sure you have properly mapped your custom domain to TalentLMS (see this article) to be able to obtain an SSL certificate for that domain.
|Note: If your portal has branches, you have to get a wildcard (or STAR) certificate to handle all custom domains.
2. Login as Administrator, go to Account & Settings, click the Portal tab and select Custom domain.
3. Select Use custom SSL certificate.
4. Prepare your SSL certificate and CA bundle in PEM format, as per the instructions in the Add a custom SSL certificate (1) section.
5. Paste the data into the PEM Certificate (2) input box and click Save (3).
6. If the installation is successful, a success message appears and you can see the data related to your SSL expiry date.
- Malformed certificate
Ensure the headers are all correct in your PEM certificate, as per our example.
- Invalid certificate
Certificate is not valid for the mapped custom domain. Check and correct the mapping or upload the correct certificate for your mapped domain.
- Failed to install new SSL Certificate. The previous certificate is still active.
Your installed certificate is the same as the one currently uploaded for your custom domain. Generate a new SSL, convert to PEM format and upload again.
- Failed to install SSL certificate. Please contact support for more information.
Contact the TalentLMS support team to check and assist with this issue.