SSL Certificate

Depending on where you're trying to install the SSL cert, steps will vary. Please let me know what cert is this for and where do you wanna install it? OS version, etc will be helpful.

Hi
Tableau Server Admin - on Windows 10 (Tableau 2018).
I received a file encrypted and saved the contents to a file called CAs.crt - inside this file is encrypted private key and 2 certificates.
Path to file is : C:\Program Files\Tableau\Tableau Server\SSL.
I then stopped tableau server and went to "Configure Tableau Server" - then went to tab SSL - see attachment for configuration.
Note: rightly or wrongly the .crt file includes all the encrypted information including the key and the separate key file has only the key encrypted data.
I then entered the password and closed the Configure Tableau Server  - then restarted the Tableau server.

We now can't connect via http ip address.

Regards
ssl.docx

Hi
I also get this in the error log

AH02564: Failed to configure encrypted (?) private key localhost:443:0, check C:/Program Files/Tableau/Tableau Server/SSL/key-file.key
[Mon Jan 28 16:06:43.544269 2019] [ssl:emerg] [pid 106040:tid 456] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Regards

Yes

Based on your error code, please check this out https://knowledge.digicert.com/solution/SO17751.html

Question - does it matter if all the encrypted data is in the crt file and for the key file it only includes encrypted data for the key?

The link says
 openssl x509 -noout -text -in certfile ……. is this a command line task?

The Tableau Server docs are a bit hard to understand.

The easy way to accomplish this...

1) You must start with some sort of host or domain where your Tableau Server instance will run.

So if your main site is foo.com maybe data.foo.com will be your Tableau Server host name.

2) This hostname must resolve using public DNS to a public IP.

3) Generate your SSL cert files.
 
My preference is using free https://LetsEncrypt.org certs as they work 100% of the time.

4) Associate your cert either with Tableau (if it provides it's own HTTPS server) or the HTTPS server under which your Tableau instance runs.

Note: Normally this will include 2x files.

a) Your fullchain.pem file, which includes your cert + a cert for every issuing authority in your full issuance chain, back to a root cert.

b) Your privkey.pem file which is private key for decoding incoming HTTPS requests.

5) You will know this part is correct when https://ssllabs.com/ssltest returns a stellar report for your data.foo.com Tableau server instance.

6) You can do your own testing or cert testing using...

i

mac> echo QUIT | openssl s_client -servername davidfavor.com -connect davidfavor.com:443 2>&1 | openssl x509 -noout -text | grep DNS:
                DNS:davidfavor.com, DNS:www.davidfavor.com

or...

cat path-to-your-fullchain | openssl x509 -noout -text | grep DNS:

Select allOpen in new window

What you use for -servername + -connect will relate to your exact host being used.

Note: If your cert is really setup correctly, you should be able to drop the -servername option