Moodle SSL Certificate (Secure Sockets Layer) and HTTPS
A Moodle SSL Certificate Will Secure Your Site
If desired, Moodle provides an optional SSL Certificate on the login page or site-wide for clients seeking a higher degree of security.
When taking care of a Moodle-site, there are some good reasons why an organization would want to make the entire Moodle-site operate on an HTTPS:// link. This will ensure all data transmitted over Moodle will be on a secured SSL connection.
If you are using Moodle, you need to ensure that you have an SSL Certificate that will have the ability to check and install it into Moodle’s open-source software application platform. By not using a Moodle SSL Certificate, it will not allow you to update since Moodle.org will not be able to securely validate your Moodle-site.
Since only secure Moodle SSL Certificates – digital communication that is through HTTPS – enables Moodle-site to fetch information (updates, patches, fixes, etc.) from Moodle.org, you will not be able to update your Moodle-site without a SSL Security Certificate for a secure HTTPS Internet connection.
Exactly what is entailed with making a Moodle-site safe and is there any kind of down time?
Site-wide Moodle SSL Certificate will need to reconfigure the system in order to operate on HTTPS requests for the website to transmit the encrypted information.
No downtime is required, present login sessions would need to re-log back in when the change to HTTPS happens (meaning, individuals that are presently logged in via HTTP will certainly have to login again by HTTPS once the change happens).
Will Moodle sites experience any slowness or any other concerns if we secure our entire website?
Hypothetically, the website might be a little slower; however it is actually not seen as a serious issue. Moodle utilizes an application on the server that is devoted to handling the encryption for the Moodle SSL Certificate.
In other words the way Moodle deals with the site’s SSL Certificate generally alleviates the slowdown related to using this method of security.
There could be some user- and client-end changes seen in their personal web-browser when they use a Moodle-site with a SSL Certificate connection that could create some slowness too, but normally these are thought as negligible too.
Why do you get a Safety Warning alert after we enter our user qualifications and click the login button?
The security alerting shown below will show up if the SSL certificate has been arrangement, but has actually not been enabled within Moodle. Go to: Site Administration -> Security -> HTTP Security and check the box for “Use HTTPS for Logins”.
Completing an SSL Certificate for HTTPS with Moodle
a. Log in to cPanel
a. Browse to the config.php data in File manager
b. Try to find the line17 (on default config documents) that shows:
c. Change the HTTP:// to HTTPS:// to the following:
Place the adhering to code to compel the HTTPS:// redirect
a. RewriteEngine On
b. RewriteClond % 80
c. RewriteRule ^(. \*)$ HTTPS://www.yourdomain.com/$1 [R, L]
d. Save the. htaccess data
Setting Moodle To Work Over HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is a communications process for secure interaction over a computer network, with specifically broad deployment on the web.
Technically, it is not a protocol per se; rather, it is the outcome of just layering the Hypertext Transfer Method (HTTP) atop the SSL/TLS process, therefore adding the safety abilities of SSL/TLS to typical HTTP communications.
Turning this on will make Moodle SSL Certificate use a secure HTTPS connection just for the login page (providing a secure login), and then afterwards revert back to the normal HTTP URL for general speed.
CAUTION: This setting REQUIRES HTTPS to be specifically enabled on the web server – if it is not then YOU COULD LOCK YOURSELF OUT OF YOUR SITE.
You will need to remove yourdomain.com to your domain name where your Moodle website is put in. If the web server does not have actually a Moodle SSL Certificate installed, there will certainly be a mistake when going to the site.
Now that the information is described, we could undergo setting up a Moodle SSL Certificate for logging in on an HTTPS / SSL link.
How to require HTTPS for Moodle Login
1. Login to your Moodle-site.
2. Go to Site Administration-> Security -> HTTP Security
3. On the HTTP Security, select the “Use HTTPS for logins” and “Secure cookies only” check boxes.
4. Now, when at the Moodle login page it will go to HTTPS rather than HTTP, if the HTTPS is functioning correctly then all of the information is being transmitted securely.
For a lot more on Moodle security tips and tricks to make your site a lot more safe, check out: http://docs.moodle.org/25/en/Security_recommendations