4 Replies Latest reply on Jan 10, 2017 11:16 AM by Charles Ayotte-Trépanier

SSL Certificate: PEM or PKCS7 encoding?

Charles Ayotte-Trépanier Jan 10, 2017 10:49 AM

Hi,

We have some users trying to embed Tableau views in their https website. In order to assist them, I started by configuring SSL on our test server. The certificate I used is PKCS7 encoded. Everything seems to work fine.

However, while trying to configure VizAlerts for SSL, I noticed that VizAlerts requires a .pem certificate. Doing some research about what a .pem was, and how I could convert my .cer file to .pem, I came across this (https://www.namecheap.com/support/knowledgebase/article.aspx/9474/69/how-do-i-create-a-pem-file-from-the-certificates-i-… ):

Choosing “Apache, Nginx, cPanel or other” will get you a PEM-encoded SSL certificate. While going with “Microsoft IIS, Tomcat” will set PKCS7 encoding preference, which is suitable for trusted security certificates in Microsoft and Tomcat server environment.

I'm completely clueless when it comes to network/web servers and how they work. From what I understand, Tableau Server uses Apache as a web server.

Does that mean that I necessarily need a pem-encoded SSL certificate?

Everything seems to work fine with PKCS7 encoded certificate, but is the connection really secured? Should I get a pem-encoded certificate instead?

Finally, the encoding options when requesting a certificate are PKCS7 or base64. Can anyone confirm that base64 is PEM? (I'm having a hard time finding the right contact in my org to help me out with this)

Thanks!

1. Re: SSL Certificate: PEM or PKCS7 encoding?

Toby Erkson Jan 10, 2017 11:02 AM (in response to Charles Ayotte-Trépanier)

This may need to go to the VizAlerts forum since it appears to be an issue for that unsupported application. For the expert help there I'm calling in Jonathan Drummey & Matt Coles.
Like Show 0 Likes(0)

Actions
2. Re: SSL Certificate: PEM or PKCS7 encoding?

Charles Ayotte-Trépanier Jan 10, 2017 11:07 AM (in response to Toby Erkson)

Hi Toby,

This question is not VizAlerts related.

I happened to read that Apache web server seem to require certificate with PEM-encoding while trying to configure VizAlerts. Configuring VizAlerts allowed me to realize that I might have not configure SSL properly.

My question is strictly regarding SSL configuration, and the type of encoding I should be using for the SSL certificate I'll use for Tableau Server.

Thanks!
Like Show 0 Likes(0)

Actions
3. Re: SSL Certificate: PEM or PKCS7 encoding?

Matt Coles Jan 10, 2017 11:13 AM (in response to Charles Ayotte-Trépanier)

That instruction is related to the Python libraries we use in VizAlerts, not Apache. And the file you provide VizAlerts is a CA certificate bundle file, which simply tells it which certificate authorities are trustworthy. If your SSL configuration on Tableau Server is working fine, and you're getting the lock icon in your browser when you connect, then fret not--all is well.
1 of 1 people found this helpful
Like Show 1 Likes(1)

Actions
4. Re: SSL Certificate: PEM or PKCS7 encoding?

Charles Ayotte-Trépanier Jan 10, 2017 11:16 AM (in response to Matt Coles)

Thanks Matt!

Lock icon in browser = good. That's a language I can understand
Like Show 0 Likes(0)

Actions