0 Replies Latest reply on Apr 20, 2016 10:10 AM by Cris Martinez

    Vanity URL and Cert Issues

    Cris Martinez

      Hello.  Maybe this is posted somewhere but I sure couldn't find it so I thought I'd share in case some poor soul finds themselves in a similar pickle.

      We have a Tableau 9.2-6 server in Azure behind a Barracuda firewall.  This was specifically for our Dev environment (no load balancer) as of now and under a heavy time crunch (sales dudes were trying to show it off to customers before we were ready). We had issues even with 3rd party support (they were hired on to implement this application) with certificates.

      We are primarily a Windows shop and use GoDaddy for our SSL certificate provider.  We were told that the server picks up the url from the NetBIOS name and can't be changed (in the Tableau config window) and the certificate we got from GoDaddy threw errors that prevented users from publishing from Tableau desktop and external users trying to get to the page.  The server name the web server was throwing out didn't match the vanity URL we had in DNS.  Even when adding just the server name as an A record, it still didn't work.  There were suggestions of putting a proxy/reverse proxy in front of it, but in our experience it is not needed.


      For those of you struggling with a similar issue, here's a link describing how to convert a .PFX certificate to .crt and .key files.  Note: Stop the server first before making the config change or it may not pick up the changes.


      Link: SSL Certificate / Export your private key


      In the event that the link goes stale here are the steps (because,  yeah, I'm going to forget this in like 5 minutes).



      1. Launch the mmc, add the certificate snap-in and find the cert you just installed

      2. Right click and under All Tasks select Export.  Follow the wizard being sure to check the box to include the private key until you have the .pfx file.

      3. I used some Azure magic to create a share on a storage account blob and uploaded the file.  Then logged into the Azure portal on the Tableau server to download it from the storage account share to a temp directory.

      4. Open a command prompt and unless you've added it to the path, go to where openssl is.  for me that's c:\Program Files\Tableau\Tableau Server\9.2\apache\bin.

      5. Run the commands to extract the cert, private key, and then remove the passprase from the private key.


      Export the private key file from the pfx file

      openssl pkcs12 -in filename.pfx -nocerts -out key.pem

      Export the certificate file from the pfx file

      openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

      Remove the passphrase from the private key

      openssl rsa -in key.pem -out server.key

      Other notes: Make a specific directory for the cert files outside of the Tableau program directory.  That way, if you have to uninstall and re-install, you won't lose it and the folder needs to be accessible by the tableau app so don't put it in c:\temp.