I have not heard of anyone using this specific program for encryption. But I would check out the following section of the Tableau product help on network security: Network Security - Tableau
Hope this helps!
4 of 4 people found this helpful
I've successfully figured out how to use letsencrypt to get https for Tableau server. So if anyone else wants to use letsencrypt with a linux system, these are the steps that I took:
1. Install certbot on your server. Go here for instructions on how to install certbot.
2. Get the certificate using certbot by running this command: sudo certbot certonly
- Pick the 3rd option (3. Place files in webroot directory)
- Your webroot should be at: /var/opt/tableau/tableau_server/data/tabsvc/httpd/htdocs
Certbot will put your certificate and key in the /etc/letsencrypt/live/<your tableau server's domain>
3. Configure SSL on Tableau server
- Tableau's documentation on how to configure SSL for Tableau server
Basically you'll just run this command:
tsm security external-ssl enable --cert-file /etc/letsencrypt/live/<your domain>/fullchain.pem --key-file /etc/letsencrypt/live/<your domain>/privkey.pem
Then you run tsm pending-changes apply
That's it! Your site should then be encrypted.
Thank you, for this information! It helped a lot. I knew it should be easy, but I was struggling to find the solution.
I'm curious. Have you been through a renewal yet? Does the Tableau server need to be restarted to recognize the new certs?
I've read about using the "renew_hook" in /etc/letsencrypt/renewal/example.com.conf to run a step after renewal, but not sure if that is needed in this instance or not.
I used opelssl for windows which is about the same thing, and when I renewed the cert, I needed to restart
Note that in my case, on one Ubuntu 18.04 server I was facing an issue of reading permissions of the key files. I copied them to another place and made sure they were readable by non-root users with "sudo chmod 644 ..."
Here is the complete list of installation steps of my certificates (I also installed certbot without apache - Tableau Server takes care of that):
- sudo apt-get update
- sudo apt-get install software-properties-common
- sudo add-apt-repository universe
- sudo add-apt-repository ppa:certbot/certbot
- sudo apt-get update
- sudo apt-get install certbot
- sudo certbot certonly --standalone
Then install Tableau server, then:
- sudo cp /etc/letsencrypt/live/<your_domain>/fullchain.pem <new_location>/<your_domain>.crt
- sudo cp /etc/letsencrypt/live/<your_domain>/privkey.pem <new_location>/<your_domain>.key
- sudo chmod 644 <new_location>/<your_domain>.key
Then the tsm security external-ssl and finally tsm pending-changes apply as mentioned by Holly Do
I hope this is helpful,
Yes, I had done the renewal process. You do have to restart after renewing the certificate using certbot because after running tsm pending-changes apply you'll be prompted to restart so that your settings could apply.
We are using letsencrypt for almost a year now.
We are using a cron script to copy the renewed certificate to replace the certificate in Tableau Server directory. The new certificate is picked up upon Tableau Server restart