6 Replies Latest reply on Feb 24, 2017 10:55 AM by Michael Damico

    Tableau Server 9.3 - Create SSL Certificate Chain File (Mac)

    Greg Pitts

      I have a Mac user trying to publish workbooks from Tableau Desktop 9.3 to Tableau Server 9.3.1.  The actual error occurs when the user attempts to sign in from Tableau Desktop (Server >> Sign In... >> Enter Tableau Server Web Address).  The user is never prompted to enter a username and password and instead errors out.  To be clear:  I only have this issue with Mac users.  A Windows user can connect just fine from Tableau Desktop to Tableau Server and publish workbooks.

       

      After reading this community article, I realized that we need to have a SSL certificate chain file for Mac users.  The web certificates that are working on the Windows PC were created and self-signed using OpenSSL using the following commands:

       

      cd 'C:\Program Files\Tableau\Tableau Server\9.3\apache\bin'
      .\openssl.exe genrsa -out ssk_tableau_dns.key 4096
      .\openssl.exe req -new -key ssk_tableau_dns.key -config 'C:\Program Files\Tableau\Tableau Server\9.3\apache\conf\openssl.cnf' -out ssk_tableau_dns.csr
      .\openssl.exe x509 -req -days 3600 -in ssk_tableau_dns.csr -signkey ssk_tableau_dns.key -out ssk_tableau_dns.crt
      New-Item 'C:\Program Files\Tableau\Tableau Server\SSL' -type directory
      Copy-Item ssk_tableau_dns.crt 'C:\Program Files\Tableau\Tableau Server\SSL'
      Copy-Item ssk_tableau_dns.key 'C:\Program Files\Tableau\Tableau Server\SSL'
      

       

      Configuration for the web certificates was setup as follows:

      tab_ser_config.png

       

      Below was the initial error that Mac user reported:

       

      tab_des_err_peer.gif

       

      I read up what I could online about certificate chain files.  My challenge is I don't have another web certificate file to chain...So my first attempt was to use the SSL certificate file as the SSL certificate chain file in the Tableau Server Configuration.  Now the Mac user is getting a operation timed out error.  I looked at the Apache logs located in C:\ProgramData\Tableau\Tableau Server\data\tabsvc\logs\httpd\error.log.  The only error I see at the times the user attempts to sign in from Tableau Desktop to Tableau Server is:

       

      [Tue May 24 16:20:19.422393 2016] [ssl:warn] [pid 2908:tid 660] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name

       

      Can anyone assist me to create the "correct" SSL certificate chain file using OpenSSL for Mac users?