9 Replies Latest reply on Oct 22, 2018 12:28 PM by Carisa Chang

    can't make SSL certificate work

    Anthony Gacayan

      Hi

       

      I am new at installing tableau server. We are planning to implement SSL and reverse proxy to our tableau server to be able to access outside our network. we installed the tableau server in a virtual machine and it has a host name "tableauserver1.mydomain.local" which is working fine and accessible inside our network. So i have read that tableau accepts wild card SSL certificates and we do have one which is "*.domain.org" (i know i doing something wrong in this part), so i tried to use it with the tableauserver but it does not work, i think because it has a different domain name. I tried adding a subdomain on our vendor web hosting "tableauserver1.domain.org" but it still does not work. i do not know if i need to change something on the DNS server or anything. Please help!

        • 1. Re: can't make SSL certificate work
          Murali Baddela

          Hi Anthony,

          I have had issues with setting up SSL on out Tableau server hosted on a VM.

           

          But eventually figured out a solution.

           

          I am not too sure about wild card certificates that Tableau can accept.

          Having said that.

          (1) When you open Tableau after setting up SSL on the VM machine, does Tableau throw a warning/error ?

          (2) Does this warning persists when you try open Tableau from your local desktop machine .

           

          If it works for scenario (1) and does not for scenario (2) . Its a certificate issue.

          When you enable SSL on the server settings on the Tableau Server VM does the window show a graceful exit. If it does nto I would recommend examining the server logs.

           

          Regards

          • 2. Re: can't make SSL certificate work
            Anthony Gacayan

            Hi Murali,

             

            Thanks for sharing your experience. i have error certificate error saying "mismatched address" on VM and local computers which also does not let me log in. Also when i enable SSL it gives me a graceful exit which i believe it accepts the SSL certificate the thing is that i don't how to change the address of tableau server.

            • 3. Re: can't make SSL certificate work
              Murali Baddela

              Anthony,

                I would eliminate these first:

              (1) Get with your network folks and see if there's any blocking from your desktop --> the Taleau Server (tableauserver1.mydomain.local)

              (2) https connections for Tableau usually talk on port:443 , see if there's any connection coming into this port , network software should be able display that.

              (3) You mentioned you have a "*.domain.org" certificate , did you install it and go thru mmc (microsoft management console) and install the certificate . Then get the crt and key files and apply these in the Server manager console?

               

              It might help to open a ticket with Tableau as fast using wildcard certs.

              • 4. Re: can't make SSL certificate work
                Carisa Chang

                Hi Anthony,

                 

                You mention your Tableau Server is on "domain.local" and your wildcard cert is for "domain.org" - these two do not match, which would explain the error you are seeing. You'll want to work with your internal IT team on how to rename your computer and/or attach it to the correct domain, and then get an SSL certificate created that matches your computer. If you get a matching certificate, and you still see errors, Tableau Support can help sort out what is going on. The first step will be getting a matching certificate and going from there

                • 5. Re: can't make SSL certificate work
                  Anthony Gacayan

                  Hi Murali and Carisa,

                   

                  Thanks for all your suggestions this gives a lot of insights. Sad part i am part of the IT team(small team) we are helping one of our employee to build tableau server for their project. I myself is new to deploying SSL and reverse proxy and my team also has little knowledge about this. I'll do all your advise and update this thread once i figured this out.

                  • 6. Re: can't make SSL certificate work
                    Edward Taylor

                    yes i have this same issue with 2018.2.2 - i tried saving the cert locally so at least i don't get the nag screen when i access TSM from my laptop, but still it fails. this is a bit rubbish really. you should surely be able to use same cert as you set up for Tableau Server? So like you have for example tableau.yourcompany.com for your users, and tsm.yourcompany.com:8850 for TSM?

                    • 7. Re: can't make SSL certificate work
                      Carisa Chang

                      Hi Edward,

                       

                      You're actually seeing a slightly different issue, which is that TSM uses a self-signed internal cert - not the same cert that you used to set up Tableau Server. You will need to trust this certificate from other computers when using TSM:

                       

                      Connecting

                      As a security measure, you can only connect to TSM using HTTPS. This is because TSM allows you to perform administrative tasks and to connect to TSM from other computers.

                      The HTTPS connection relies on a self-signed certificate generated by the Tableau Server installer. Although the security of this HTTPS connection is not reduced by using a self-signed certificate, it does require that the CLI is configured to trust the self-signed certificate. This is done by default as part of the installation process, so you can access TSM from the local computer without additional configuration.

                      Tableau Services Manager Overview

                      • 8. Re: can't make SSL certificate work
                        Edward Taylor

                        Ok thank you I will look again. I don’t really want to manually trust certs from every client laptop that connects to TSM. What I wanted to find out is, is it possible to change the cert that TSM uses so it’s the same as the company one I supplied?

                        • 9. Re: can't make SSL certificate work
                          Carisa Chang

                          Hi Edward,

                           

                          It's not currently possible to use a different cert for TSM, but I believe it is on the Ideas forum as a request for future implementation - you could vote on the Idea there to support it.

                           

                          Ideas