3 Replies Latest reply on Apr 24, 2019 9:43 PM by Razzakul Chowdhury

    SAML Certificate and Key Files

    sandeep Munagala



      I am newbie for installation stuff. I am working to upgrade the Tableau 9.2 to 10.1 and enable to SAML. In order to configure the SAML I wanted to understand how to generate or source to get the Certificate file and also Key file. Please help me provide some information.


      When I looked up in Tableau site I see there is some material to generate .csr and .key files for SSL. How do we do the similar thing for SAML and also Certificate file is .crt extension. How do we achieve to generate .crt file.

        • 1. Re: SAML Certificate and Key Files
          Nick Roush

          We generated the .csr and .key files mentioned and sent them over to our SAML team. They then sent us back the .crt and .key files.

          • 2. Re: SAML Certificate and Key Files
            sandeep Munagala

            Thanks Nick,


            I did figure out the way to generate the .crt file as well


            Here are the steps and commands to generate all 3 files. This worked for me.


            Steps to Generate Certificate File and Key File for 10.1 version:



            1. Set Open SSL Config using this command:  (Optional)

            set OPENSSL_CONF=c:\Program Files\Tableau\Tableau Server\<version>\apache\conf\openssl.cnf

            2. Navigate to C:\Program Files\Tableau\Tableau Server\<version>\apache\bin

              .Key File: openssl.exe genrsa -out <yourcertname>.key 4096

            3.  .csr File: openssl.exe req -new -key yourcertname.key -out yourcertname.csr

              add -config ..\conf\openssl.cnf at the end if you do not set the OPEN SSL config

            4.  .crt File: openssl.exe x509 -req -days 1825 -in devcert.csr -signkey devcert.key -out devcert.crt

            1 of 1 people found this helpful
            • 3. Re: SAML Certificate and Key Files
              Razzakul Chowdhury

              We are trying to Implement SSO using OKTA for Tableau Server version 2019.1.2 in a Single node in DEV Environment . At present we are using 2018.1 in PROD environment that is SSO integrated using OKTA. But when I upgraded from 2018.1 to 2019.1.2 SAML SSO got broken in DEV. I have followed Sandeep's instruction as follows for 2019.1.2 version:


              cd C:\Program Files\Tableau\Tableau Server\packages\apache.20191.19.0321.1733\bin

              set OPENSSL_CONF=C:\Program Files\Tableau\Tableau Server\packages\apache.20191.19.0321.1733\conf\openssl.cnf

              openssl.exe genrsa -out tabdev.key 4096
              openssl.exe req -new -key tabdev.key -out tabdev.csr
              openssl.exe x509 -req -days 1825 -in tabdev.csr -signkey tabdev.key -out tabdev.crt


              I am getting "Unable to Sign In Invalid Username or Password" . Is any of you already implemented OKTA SSO for Tableau Server version 2019.1.2 ? Please help me with the steps to generate SAML .cert file and .key file . Okta gives a metadata.xml file that has <md:KeyDescriptor use="signing">...</md:KeyDescriptor>  tags, and within this tags there is X509 Certificate. This metadata is uploaded in TSM interface. Do we have to do anything with this Certificate. In previous version (2018.1) I have used that in *.pam file and SSO is working . In 2019.1.2 version that doesn't work, even we converted that to *.pem file but still unsuccessful for SSO integration.


              If anyone has done it please help.




              Razzakul Chowdhury (Raz)