I have had issues with setting up SSL on out Tableau server hosted on a VM.
But eventually figured out a solution.
I am not too sure about wild card certificates that Tableau can accept.
Having said that.
(1) When you open Tableau after setting up SSL on the VM machine, does Tableau throw a warning/error ?
(2) Does this warning persists when you try open Tableau from your local desktop machine .
If it works for scenario (1) and does not for scenario (2) . Its a certificate issue.
When you enable SSL on the server settings on the Tableau Server VM does the window show a graceful exit. If it does nto I would recommend examining the server logs.
Thanks for sharing your experience. i have error certificate error saying "mismatched address" on VM and local computers which also does not let me log in. Also when i enable SSL it gives me a graceful exit which i believe it accepts the SSL certificate the thing is that i don't how to change the address of tableau server.
I would eliminate these first:
(1) Get with your network folks and see if there's any blocking from your desktop --> the Taleau Server (tableauserver1.mydomain.local)
(2) https connections for Tableau usually talk on port:443 , see if there's any connection coming into this port , network software should be able display that.
(3) You mentioned you have a "*.domain.org" certificate , did you install it and go thru mmc (microsoft management console) and install the certificate . Then get the crt and key files and apply these in the Server manager console?
It might help to open a ticket with Tableau as fast using wildcard certs.
You mention your Tableau Server is on "domain.local" and your wildcard cert is for "domain.org" - these two do not match, which would explain the error you are seeing. You'll want to work with your internal IT team on how to rename your computer and/or attach it to the correct domain, and then get an SSL certificate created that matches your computer. If you get a matching certificate, and you still see errors, Tableau Support can help sort out what is going on. The first step will be getting a matching certificate and going from there
Hi Murali and Carisa,
Thanks for all your suggestions this gives a lot of insights. Sad part i am part of the IT team(small team) we are helping one of our employee to build tableau server for their project. I myself is new to deploying SSL and reverse proxy and my team also has little knowledge about this. I'll do all your advise and update this thread once i figured this out.
yes i have this same issue with 2018.2.2 - i tried saving the cert locally so at least i don't get the nag screen when i access TSM from my laptop, but still it fails. this is a bit rubbish really. you should surely be able to use same cert as you set up for Tableau Server? So like you have for example tableau.yourcompany.com for your users, and tsm.yourcompany.com:8850 for TSM?
You're actually seeing a slightly different issue, which is that TSM uses a self-signed internal cert - not the same cert that you used to set up Tableau Server. You will need to trust this certificate from other computers when using TSM:
As a security measure, you can only connect to TSM using HTTPS. This is because TSM allows you to perform administrative tasks and to connect to TSM from other computers.
The HTTPS connection relies on a self-signed certificate generated by the Tableau Server installer. Although the security of this HTTPS connection is not reduced by using a self-signed certificate, it does require that the CLI is configured to trust the self-signed certificate. This is done by default as part of the installation process, so you can access TSM from the local computer without additional configuration.
Ok thank you I will look again. I don’t really want to manually trust certs from every client laptop that connects to TSM. What I wanted to find out is, is it possible to change the cert that TSM uses so it’s the same as the company one I supplied?
It's not currently possible to use a different cert for TSM, but I believe it is on the Ideas forum as a request for future implementation - you could vote on the Idea there to support it.