Has this issue been resolved?
Going through the same thing myself now. What I've found (others please correct me if I'm wrong):
RE: When same certificate....
- Tableau SSL and Tableau SAML operate independently. Therefore, you could use the same certificate/key set for both, or you could use one certificate/key set for SSL and a different one for SAML. For SAML, you can even use a self-signed certificate with a super-long expiration date (see "Updating SSL certificates?"). Therefore, you do not have to update the SAML and SSL certificates at the same exact time, since they function independently.
- That said, if you are definitely using the same certificate for both SAML and SSL and are updating the certificate because it's expiring, then it makes sense to update the SAML side and the SSL side at the same time. We know an expired certificate used for SSL will throw warnings to web browsers. I believe the Tableau SP may not be happy with an expired certificate on the SAML side as well (though there are other SAML SP implementations that don't care about expired certificates, the public key being the only relevant factor).
RE: When I pried [sic] applying...
- No idea what's going on there. A certificate CRT file is just a public key in a wrapper that has some additional metadata in it that is generated from a private key (.key file). If you created a new private key and then generated the certificate (including public key) from the new private key, this certificate (CRT) should NOT work with the old private key. It's possible you generated a new certificate from the old private key (which is perfectly fine), which would explain why the old key works with the new CRT. Otherwise, I don't know what's going on. Bottom line: the CRT file has to be paired with the private key it was generated from.
RE: Also, in SAML if we use the expired .crt and .key file we have seen Tableau URL to be working fine, is this expected?
- I don't know what you mean by "Tableau URL to be working fine": does this mean the SSL functionality is working (https://) or that the SAML functionality is working? SSL does not care about the SAML configuration, so as long as you have a current SSL certificate, you can be using an expired (and therefore different) SAML certificate (and likely break SAML). I say "likely break SAML" because I do not know for sure how Tableau SP and whatever IdP you are using will behave with an expired SAML certificate. It would be nice if a Tableau rep would answer this question: can we use an expired certificate for SAML?
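Added example, not part of the post above: a shell check of the two facts the reply turns on, whether a CRT is paired with a given private key and how close it is to expiry. It uses the standard `openssl` CLI; the file names, the CN and the 30-day window are constructed for the demonstration and say nothing about how Tableau or an IdP treats an expired SAML certificate.

```shell
#!/usr/bin/env bash
# Added example. File names and the CN below are constructed, not from the thread.

# Return 0 if the public key inside certificate $1 is the one derived from private key $2.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if certificate $1 is still valid $2 seconds from now (default: right now).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Build constructed material in directory $1: an old key with a 1-day certificate,
# a "renewed" 365-day certificate issued from that SAME old key, and an unrelated new key.
make_demo_files() {
    local d=$1 subj="/CN=tableau.example.test"
    openssl genrsa -out "$d/old.key" 2048 2>/dev/null
    openssl genrsa -out "$d/new.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$d/old.key" -subj "$subj" -days 1 -out "$d/old.crt" 2>/dev/null
    openssl req -x509 -new -key "$d/old.key" -subj "$subj" -days 365 -out "$d/renewed.crt" 2>/dev/null
}

# Print one line per certificate/key pair: pairing result and 30-day expiry status.
report() {
    local cert=$1 key=$2 pair=MISMATCH life="expires within 30 days"
    cert_matches_key "$cert" "$key" && pair=match
    cert_valid_for "$cert" $((30 * 86400)) && life="valid 30+ days"
    printf '%-12s + %-8s : %-8s (%s)\n' "${cert##*/}" "${key##*/}" "$pair" "$life"
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
report "$demo_dir/old.crt"     "$demo_dir/old.key"
report "$demo_dir/renewed.crt" "$demo_dir/old.key"   # new CRT, old key: still a pair
report "$demo_dir/renewed.crt" "$demo_dir/new.key"   # new CRT, unrelated key: not a pair
rm -rf "$demo_dir"
```

Running the same two functions against the CRT and key files configured for SSL and for SAML shows whether each pair belongs together and which certificate is about to lapse.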