One of the most important, albeit technical, improvement introduced in the latest TalentLMS release is the free SSL for custom domains. In this article, I will provide an intro to this functionality, the rationale behind it and what it means for you as a user.
The Internet is a dangerous place. Whenever you submit information on a web-page, this information traverses multiple network nodes to reach the server behind the web-page. Each of those nodes can be “listening” and analyzing received data (a technique that is called “sniffering”). A bad actor can try to decode the packages for important information. And this information may include passwords or credit cards.
This critical issue is well known and countermeasures have been proposed. The best way to avoid this threat is to submit data over a secured communication channel known as Secured Socket Layer (SSL). SSL Certificates, sometimes called digital certificates, are used to establish a secure encrypted connection between a browser and a server (website).
The SSL connection protects sensitive data, such as credit card information or passwords, exchanged during each visit (session). An SSL secured website is easily distinguishable on your web browser as it has a green icon prior to the URL on the address bar.
Due to the real threats, major web browsers are moving away from non-SSL protected websites. For example, Chrome recently started labeling all form fields on standard HTTP pages as “not-secure”
At the same time, payment gateways like Stripe started enforcing communication of any payment related info only over a secure channel. It seems that it will soon be impossible to use non-secure websites even for simple training, let alone any course selling.
SSL and Whitelabeling on TalentLMS
TalentLMS has always provided an SSL connection for its website and all subdomains created in the form *.talentlms.com. However, when a customer opts to use their own custom domain, a new SSL certification is needed. Getting an SSL certification is a rather cumbersome technical process and requires specialized knowledge.
It also usually involves some hard cost for buying the certificate for a trusty third party provider. Moreover, no certification lasts forever. So you need to renew your certificate every year or so.
Whitelabeling is one of the core ingredients of the TalentLMS offering and a custom domain is a necessary ingredient of the white-labeling process. We have calculated that around 1/3 of our customers opt to use their own domain to access their TalentLMS portal. For all of them, getting an SSL for their custom domain is becoming a necessity under the new internet era.
To this end, we have decided to invest significantly in reducing the burden of managing SSL certification for clients’ custom domains. The details are fairly complex but the end result is rather easy to comprehend: we can activate SSL for your custom domain without you having to do anything!
Behind the scenes, we have built an integration with the letsencrypt.com service. This integration is responsible for getting, installing and updating certifications on your behalf – and it works on your branches as well!
When to buy your own SSL Certification
There are still cases that you might opt to get your own certification. For example, if you want on top of a green lock on the browser bar to also show your company name (something that is called extended validation) then you still need to buy an SSL certification.
Also, most commercial SSL certifications attach some guarantees in case of a communication bridge that is usually translated to money. This is not the case for certification created with letsencrypt.
As we move forward, an SSL certificate for any portal delivered over the TalentLMS platform will become a necessity. Major browsers already offer warnings for non-encrypted websites that ruin somewhat the end-user experience.
Starting from the next version of TalentLMS we will integrate the process of selecting a custom domain and getting an SSL certification. But for the time being, read this article on how you can request your free SSL.