Chamilo
Chamilo 1.11 - English
Chamilo 1.11 - English
  • Introduction
  • Teacher Guide
    • Introduction
    • Getting to know Chamilo
      • What is Chamilo?
      • About this guide
      • Who is this guide for?
      • How to use this guide.
      • General usability
      • Why Chamilo?
        • Learning paradigm
        • Common interface elements
    • The Chamilo homepage
    • Registering on the platform
    • Finding your way in Chamilo
    • Course creation
    • Control course access
    • Organizing courses
      • Personal categories
      • Subscribing to other courses
      • Courses management icons
    • Course administration
    • Course homepage
      • Introductory text
      • Authoring tools
      • Interaction tools
      • Administration tools
    • First Steps: Documents
      • Create a directory
      • Quick-change of directory
      • Importing a document
      • Authoring content in Chamilo
      • Saving documents
      • Deleting a file or a directory
      • Watching course quotas
      • Slideshow
    • Interactivity: Tests
      • Introduction
      • Creating a new test
      • Feedback, score and correct answers
      • Test types
      • Adding questions to the test
      • Recycling existing questions
      • Importing: HotPotatoes, IMS/QTI2, Excel
      • Test results
    • Communication : Forums
      • Using forum views
      • Add forum categories
      • Add forum
      • Manage forum categories
      • Manage forums
      • Start a new topic
      • Manage discussion threads
      • Manage messages
      • Give your learners a score
      • Give a score from a message
      • Add a message to a thread
      • Reply to a specific message
      • Quote a previous message
      • Reply or Reply to this topic
      • Search a forum element
    • Structure: Learning paths
      • Introduction
      • Create a learning path
      • Add Learning Objects and Activities
      • Import AICC and SCORM
      • Managing learning paths
      • Prerequisites
      • Generating certificates
    • Reporting
      • Tracking learners
      • Show individual learner's details
      • Course reporting
      • Resource Reporting
      • Test/exam Reporting
    • Assignments
      • Assignment creation
      • Completion of assignments by students
      • Manage assignments
      • Setting up the assignment evaluation
      • Assignment expiry dates
      • Marking assignments
    • Users
      • Subscribe users
    • Assessments
      • Assessments pre-configuration
      • Sub-assessments
      • Adding classroom activities
      • Adding online activities
      • Weights
      • List view
      • How students generate certificates
      • Students certificates management
      • Linking assessments with skills
      • Linking certificates with learning paths
    • Wiki
      • Starting the wiki
      • Add a new linked page
      • Add a new orphan page
      • Commenting a page
      • Other wiki features
    • Links
      • Links categories
      • Links
      • Manage links
      • Links checker
    • Announcements
      • Add an announcement
      • Announcements management
    • Glossary
      • New term
      • Glossary terms management
    • Attendances
      • Create an attendance sheet
      • Recording attendances
    • Course progress
      • Create a thematic section
      • Define the thematic plan
      • Create steps for the course progress
    • Agenda
      • Adding an event to the course agenda
      • Import and export events
      • Adding an event to the personal Agenda
    • Dropbox
      • Folders
      • Send a file to specific users
      • Managing dropbox files
      • Read and add comments on a file
    • Groups
      • Create a group
      • Groups settings
      • Auto-filling a group
      • Fill a group manually
      • Getting into a group space
      • Overview /Export of group members
      • Groups management
    • Chat
      • Send a message
      • Empty messages
    • Survey
      • Survey creation
      • Add survey questions
      • Survey preview
      • Survey publication
      • Results
      • Surveys management
    • Notebook
      • Notes creation
      • Sort notes
    • Projects
      • Project creation
      • Subscribe learners to a project
      • New article/task
      • Roles management
      • Assign a role to a learner
      • Indicate the execution of a task
      • Learners' task management
    • Course settings
      • Update general course settings
      • Visibility and access
      • E-mail notifications
      • User rights
      • Chat settings
      • Learning path settings
      • Thematic advance settings
    • Backup
      • Create a backup
      • Import backup
      • Copy course
      • Empty this course
    • The Reporting tab
      • Own courses and sessions reporting
    • Social network
      • Profile information
      • Internal messaging
      • “Friends”
      • Social groups
      • My files
    • Session view
      • Courses tab
      • Learning paths tab
      • My MCQ tab
      • My statistics tab
    • Appendix
      • Glossary
      • Frequently asked questions
      • Document license
      • Document history
  • Admin Guide
    • Getting to know Chamilo
      • About this guide
      • Whom is this guide meant for?
      • How to read this guide?
    • Installation and configuration
      • Server
      • Installation wizard
        • Launching the installation wizard
          • Step 1 of 6 : Language
          • Step 2 of 6 : Prerequisites
          • Step 3 of 6: License
          • Step 4 of 6 : MySQL database parameters
          • Step 5 of 6: Configuration settings
          • Step 6 of 6 : Last check before installation
        • Last installation settings
      • Updating Chamilo
        • Download the latest stable version
        • Replace the older version by the new one
    • Backups
      • External backups
        • PhpMyAdmin database backup
        • Command-line backup
        • The Chamilo root directory
      • Saving the Chamilo interface
        • Learning path export
        • Saving a course
      • Recovering a backup
        • Learning paths
        • Courses
        • Complete recovery
    • Platform administration
      • Chamilo configuration settings
        • Portal
        • Training (admin/courses)
        • Sessions
        • Languages
          • Creating a sub-language
          • Defining one's own terms
          • Assigning the new sub-language
        • Users
        • Modules
        • HTML Editor
        • Security
        • Tuning
        • Assessments
        • Time zones
        • Reporting
        • Search
        • Stylesheets
        • Templates
        • Plugins
        • LDAP
        • CAS
        • Shibboleth
        • Facebook
      • Portal news
      • Global agenda
      • Edit portal homepage
      • Setting the registration page
      • Statistics
      • Reports
    • Users management
      • User roles
        • Learner (admin/or student)
        • The course assistant
        • The human resources manager (admin/or supervisor)
        • The course coach
        • The session coach (admin/or session tutor)
        • Teacher (admin/or trainer)
        • Sessions administrator
        • Portal administrator
        • Global administrator
        • Special case: the anonymous user
      • Users list
        • Learner
        • Teacher
        • Administrator
        • Anonymous
      • Add a user
      • Export users list
      • Import users list
      • Add groups
      • Groups list
      • Profiling
    • Courses management
      • Courses list
        • Update course details
        • Tracking and backup
      • Create a course
      • Export courses
      • Import courses list
      • Courses categories
      • Add users to course
      • Import users list
    • Sessions management
      • Use cases
        • The academic year
        • Personal tutoring
        • Corporate induction courses
      • Managing the sessions
      • Add a session
      • Sessions categories (admin/or periods)
      • Export sessions list
      • Copy from course in session to another session
      • Move users results from/to a session
      • Careers and promotions
        • Careers
        • Promotions
        • Copy
        • Use case
      • Classes
    • System
      • Special exports
      • System status
      • Data filler
      • Archive directory clean-up
    • Global features
      • Multi-URL
        • Use case – University faculties
        • Use case – Corporate branding
        • The solution
        • Installation
      • Video-conference
      • Chamilo Rapid
      • Style sheets
      • Templates
      • Web services
      • The Prestashop plugin
      • The Drupal plugin
      • The xAPI plugin
      • Logging in with OpenID
      • Securing your site with SSL / HTTPS
      • Optimization
    • Appendix
      • Frequently asked questions
        • Sending e-mails from the platform doesn't work
        • How do I prevent teachers to subscribe or unsubscribe learners into/from their courses?
        • How do I block access to the course catalog for learners?
        • How much bandwidth does the videoconference tool (admin/BigBlueButton) consume?
      • Security in Chamilo LMS
      • Database structure
      • Accessing the database
      • Configuration settings list
      • Glossary
      • Document license
      • Document history
  • Developer Guide
    • Introduction
      • About this guide
      • Who is this guide for?
      • How to use this guide
      • General usability
    • Why Chamilo?
      • Learning paradigm
      • Common interface elements
    • The Chamilo files & database structure
      • History
      • Database structure : fixed in all minor versions
      • The Chamilo LMS files structure today
      • The Chamilo LMS database structure today
      • General conventions for future database structure
    • Coding conventions
    • Theming through templates
      • Cleaning the cache
      • Structure of a page
      • Usable variables
      • Modifiers
    • Theming through CSS
      • The cascading structure
      • Style files purposes
      • The stylesheets inclusion mechanism
      • Extending the icons set
      • Default course image
      • Example procedure for new design
    • Document templates
      • Structure
    • Theming certificates
    • Customizing the online editor
    • The Chamilo logo
    • Global settings
      • Sub-languages
    • Participating to the development
      • Using Git
      • Updating you code
    • Clear the template cache
    • Fixing bugs
    • System AdministratorsWeb services
      • SOAP, REST and XML-RPC
      • Connection and security key
      • Restriction on calling IP addresses
      • Other methods
    • Extra Chamilo fields
    • Plugins
      • General workflow of plugins
      • General plugins development
      • The Dashboard
      • Language variables
    • System AdministratorsAuthentication methods
      • LDAP
      • CAS
      • Shibboleth
      • Facebook
      • OpenID
      • Custom SSO methods
    • Passwords generation
Powered by GitBook
On this page
Export as PDF
  1. Admin Guide
  2. Global features

Securing your site with SSL / HTTPS

PreviousLogging in with OpenIDNextOptimization

Last updated 1 year ago

As Chamilo LMS has grown more popular in the last 12 months (roughly 400% increase in number of users), we have received several indications of password theft and that the security of Chamilo might be in question. Check out our Security in Chamilo LMS section (10.2) in the Appendix for more information about security in Chamilo.

The weakest link so far with our Chamilo portals has been the infrastructure, in that students can (relatively easily) steal accesses from a teacher connecting to the platform from the same computer room (due to some characteristics of network equipment). There are many ways to get to “spy” on the communication of another user with the server, and one of the most secure ways to avoid this kind of theft is to encrypt the whole communication between the user and the Chamilo server.

This can be done through SSL (or more commonly called HTTPS for the appearance of an “s” in the URL of those portals), a secure and standard way to encrypt any HTTP communication on the web.

Sadly, because of the inherent security of the system, an SSL certificate (required for the secure communication to happen) has to be “signed” (virtually) by a recognized authority, for a limited amount of time. This implies (in most cases until now) payment to said authority of a fee to sign the certificate. In other words, a certificate is not free and it is not permanent. For example, a simple (lowest-level of security) certificate, just for a single domain name, might cost between $25 and $100 a year.

You can “self-sign” your certificates, but this will show a scary screen to all users the first time they access the portal, and it will ask them to take a decision. The users will have to click a minimum of 3 times in very specific options in order to get to the site, as illustrated by the following screenshots.

Illustration: Browsers warn users of self-signed SSL certificates: Step 1/3: click on the “I Understand the Risks” link (example with Mozilla Firefox)

Illustration: Browsers warn users of self-signed SSL certificates: Step 2/3: click the "Add Exception" button

Illustration: Browsers warn users of self-signed SSL certificates: Step 3/3: click "Confirm Security Exception"

These rather scary three steps completed, your user will have access to your site with an encrypted connection, but the process will not work for everyone.

To avoid these messages, you will need to purchase an SSL certificate (we have had some reasonable success with RapidSSL so far, but it is entirely up to you to choose the right SSL certificates provider for you).

There is no more secure and practical way of securing your connections than SSL, so don't try to implement your own security mechanism. If you have comments about SSL, you should contact directly with the community managing the standard.

If you'd rather go for a self-signed certificate because your team will be a finite number of people using it and you know they're able to manage the 3 steps of certificate acceptance, then you can follow this article to set it up:

https://beeznest.wordpress.com/2008/04/25/how-to-configure-https-on-apache-2/