What is SSL?
Where is SSL used in Terra Dotta?
Whenever you are logged in, you are 'behind' SSL, meaning that your data in transit is encrypted, protected from being picked up and read. You will notice that there is an 's' after the http in the address bar. You should see that when you access the login page, the URL (site address) will change to https. You will also notice a padlock icon or other indication in your browser meaning that an SSL connection is active.
Public Site
When your hosted Terra Dotta Application is initially brought online, we provide a default host name on the appropriate product domain for your account (e.g., myuniversity.terradotta.com). This host name remains active for as long as it is needed (or permanently if desired).
- NOT VALID: http://www.myuniversity.edu/oip
- NOT VALID: http://international.myuniversity.edu/studyabroad/
Shared Wildcard SSL
Our hosted customers are all protected by default (at no charge and without needing to request it) with a wildcard SSL certificate for the product domain (e.g., *.terradotta.com, *.i3s.com, *.applicationgateway.com). The pre-configured host has automatic SSL protection under the wildcard certificate. This certificate is managed by Terra Dotta at no additional cost to the customer.
Secure: https://myuniversity.terradotta.com/ (using *.terradotta.com wildcard SSL certificate)
Custom SSL
If you prefer, you can provide an SSL certificate for your institutional domain/host, so that users will remain within the same host in the URL in both the public and secure areas of the site.
Secure: https://studyabroad.myuniversity.edu/
- Decide on the DNS name for your site. See information above and the article titled "Hosted/SaaS: Configuring DNS host records to point to Terra Dotta servers" for more information. It's listed in the Additional Resources tab of this article.
- Open a support case with Terra Dotta to request the SSL host configuration for your site. In the case, request the CSR for your site certificate, providing the following information:
  - Common Name: [name of site; e.g. studyabroad.terradotta.edu]
  - Organization Name: [name of institution to appear on the certificate; e.g. Terra Dotta University]
  - Country:
  - State/Province:
  - City:
  - Organization Unit: [name of unit/department to appear on the certificate; e.g. Office of Study Abroad]
  - Key Size: 4096
- Purchase/obtain the SSL certificate through your institutional network services. You will be responsible for the ongoing costs and maintenance of the certificate, notifying Terra Dotta via support cases whenever an update to the certificate is required. Certificates generally have a renewal cycle of between 1 and 5 years.
SSL Cert Renewal (Hosted/SaaS clients):
We recommend that customers keep a calendar reminder of the date when certificates are set to expire. At least 2 weeks* prior to the date of expiry, submit a support case to Terra Dotta requesting a new CSR (certificate signing request) for certificate renewal, noting the date when the certificate is set to expire. Terra Dotta system administrators will attach the CSR to the case, which you must download and submit to your certificate authority to generate the new certificate. Attach the certificate to the case, being sure to comment that the certificate file has been posted. From that point, the certificate installation is usually performed within 24 hours.
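The two checks a site owner can automate from the sections above, as an added example that is not Terra Dotta's own tooling: whether a certificate's DNS names cover the host you publish (the reason an institutional host needs a custom certificate rather than the shared wildcard), and whether the 2-week renewal lead time is still achievable. The function names, the 30-day reminder threshold and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

LEAD_DAYS = 14    # from the article: open the renewal case at least 2 weeks out
REMIND_DAYS = 30  # assumption: when the reminder should start firing


def covers(pattern: str, host: str) -> bool:
    """True if a certificate DNS name (possibly a wildcard) covers host.

    A wildcard stands for exactly one left-most label.
    """
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def review(cert: dict, host: str, now: datetime) -> dict:
    """Check a getpeercert()-style dict for host coverage and renewal timing."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    if days_left > REMIND_DAYS:
        renewal = "ok"
    elif days_left >= LEAD_DAYS:
        renewal = "open_case"
    else:
        renewal = "late"
    return {"host_covered": any(covers(n, host) for n in names),
            "days_left": days_left, "renewal": renewal}


def fetch_cert(host: str, port: int = 443) -> dict:
    """Fetch the validated leaf certificate from a live host (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output.
SAMPLE = {"subjectAltName": (("DNS", "*.terradotta.com"),),
          "notAfter": "Jun 30 12:00:00 2030 GMT"}
```

Against a live site, pass `fetch_cert(host)` and `datetime.now(timezone.utc)` to `review` from a scheduled job and alert on anything other than `"ok"`.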
----
Enabling SSL for Terra Dotta (Installed Clients)
Note: This document does not cover basic concepts of SSL, security certificates or web security configuration. Consult the documentation for your web server (IIS or Apache) for instructions on enabling SSL on your website. Make the SSL host available on your website before configuring Terra Dotta Software for SSL. Terra Dotta software will operate properly under SSL before being configured.
For most implementations of Terra Dotta, the recommended approach is to provide site access on both a secure and a non-secure channel. The latter is advisable for the public site pages and program catalog, where no user identification is needed and performance can benefit from the unencrypted transfer of long text and binary content.
Public and Private Host Domains
Since Terra Dotta permits any combination of secure and non-secure hosts for the open and authorized sections of the interface, the terms Public and Private are used, rather than secure and non-secure. While it is a virtual requirement that sites use SSL for their Private Host, Terra Dotta can operate without SSL, which can be helpful during initial site deployment and on staging servers.
- Terra Dotta software can be configured to use any port for either the public, non-secure site or the private, secure (SSL-enabled) site. To change or set the port, go to Maintenance > Environment Settings and change the Private Host Port setting to the value desired, preceded by a colon (:). Example: :4343
- The same can be done with the Public Host Port if desired, for example, using :8080.
Also note that installations wishing to secure the entire site through SSL can mirror the settings for Public and Private Host, and place restrictions on the web server.