Those who’ve followed, referenced or read this blog for any length of time know that my posts follow my thoughts – one day pondering the ineffable, another day contemplating market changes in the LMS space, and the very next mired in the nuts and bolts of maintaining one of those systems.
Today is one of those days. Maybe these observations will help someone else; at least they’ll be breadcrumbs for me.
So far, in the last week on Bb Vista 8.0.5 I have confirmed these things:
- Blackboard Collaborate (formerly Wimba) changed out the cert at our site, https://notredamevoice.wimba.com/, on April 14th without notifying us, effectively breaking SSL.
- The cert, key and ca files in the /WebCTDomain/userdir referenced by Weblogic are only read when the application is started. In other words, overwriting their contents while the application is running does not constitute a valid test unless you restart the app node.
- These days, cert renewals are complicated by the fact that 2048-bit keys are the new standard but your old cert is probably still based on a 1024-bit key. This makes a difference if you’re chaining certs: make certain you don’t mix 1024 with 2048 … (I can’t say if it makes a difference to keystores. I would think you could import both types to keystores.)
- Configuring Chat for end-to-end encryption means nothing more than sharing the key and cert files from your load balancer and pointing to them in the Chat config file and Weblogic > Server (incl. Admin) > SSL tab.
- Configuring end-to-end encryption with a 3rd party server such as Wimba means constructing a ca chain which includes their cert, the intermediate and the root. Don’t worry if your cert vendor’s intermediate and root are not there – focus on theirs.
- In order to encrypt both, I ended up chaining our cert vendor’s intermediate cert to the chat cert in /WebCTDomain/userdir AND chaining Wimba’s cert vendor’s intermediate cert in the ca.pem file located in that same directory, /WebCTDomain/userdir.
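
One way to sanity-check a chained cert file or ca.pem before restarting the app node, as an added example that is not part of the original post. The hypothetical `audit_chain` function assumes the OpenSSL command-line tool is installed and takes the path to a PEM bundle; it prints each certificate's key size and subject, and warns when key sizes are mixed or when a certificate is not followed by its issuer.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). audit_chain is a hypothetical
# helper; it assumes the OpenSSL command-line tool is on PATH.
# Usage: audit_chain /path/to/chained-cert-or-ca.pem
# Exit status: 0 = consistent, 1 = mixed key sizes, 2 = a cert is not
# followed by its issuer, 3 = both, 4 = no certificate found.

audit_chain() {
    local bundle=$1 tmp rc=0 i=1 cert bits first_bits="" prev_issuer="" subj_hash
    tmp=$(mktemp -d) || return 4

    # Split the bundle into one file per certificate, ignoring text between them.
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
        on { print > (d "/" n ".pem") }
        /-----END CERTIFICATE-----/   { on = 0 }' "$bundle"

    [ -f "$tmp/1.pem" ] || { rm -rf "$tmp"; return 4; }

    while [ -f "$tmp/$i.pem" ]; do
        cert="$tmp/$i.pem"
        # "Public-Key: (2048 bit)" appears in the text dump for RSA keys.
        bits=$(openssl x509 -in "$cert" -noout -text |
               sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
        subj_hash=$(openssl x509 -in "$cert" -noout -subject_hash)
        printf '%d: %s-bit key, %s\n' "$i" "$bits" \
               "$(openssl x509 -in "$cert" -noout -subject)"

        # Flag a mix such as a 1024-bit cert chained to a 2048-bit one.
        [ -z "$first_bits" ] && first_bits=$bits
        if [ "$bits" != "$first_bits" ]; then
            echo "   WARNING: key size differs from cert 1 ($first_bits-bit)"
            rc=$((rc | 1))
        fi
        # Each cert should be issued by the one that follows it in the file.
        if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subj_hash" ]; then
            echo "   WARNING: cert $((i - 1)) was not issued by cert $i"
            rc=$((rc | 2))
        fi
        prev_issuer=$(openssl x509 -in "$cert" -noout -issuer_hash)
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}
```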