Enable HTTPS for Platform Application Center and Tableau

Follow the steps below to configure HTTPS on both Platform Application Center and Tableau using a self-signed certificate.

These instructions apply to:

  • Platform Application Center 8.0.1, 8.0.2

  • Platform Analytics 8.0, 8.0.2, with Tableau 6.0, 6.1

Note that you can configure HTTPS only for Platform Application Center, only for Tableau, or for both.

When you configure HTTPS for Platform Application Center, it affects access to the web server (the URL uses https), access to Web Services, and the Report Builder (which needs a certificate to communicate with Platform Application Center).

When you configure HTTPS for Tableau, it affects report generation and Workbook access.

Enable HTTPS for Platform Application Center

The following steps use Platform Application Center’s own self-generated certificate to enable HTTPS. If you want to use your own certificate, the same steps may not apply.

  1. Log in to the Platform Application Center web server as root.
  2. Set your Platform Application Center environment.

    For example:

    • For csh or tcsh:

      # source /opt/pac/cshrc.platform

    • For sh, ksh, or bash:

      # . /opt/pac/profile.platform

  3. Enable HTTPS and restart Platform Application Center.
    # pmcadmin https enable
    # pmcadmin stop
    # pmcadmin start
  4. Generate the certificate file.

    For example:

    /opt/pac/jre/linux-x86_64/bin/keytool -export -alias tomcat -file server.crt

    Note:

    You will be prompted for a password. Enter "changeit".

    This command generates a file named server.crt. Copy this file to a temporary directory on the Analytics reporting server.

  5. Log in to the Analytics reporting server as the Tableau administrator.
  6. Import the server.crt file that you generated in step 4.

    For example:

    C:\analytics8.0_reports\jre\bin\keytool -import -file server.crt -keystore C:\analytics8.0_reports\jre\lib\security\cacerts

    Note:

    You will be prompted for a password. Enter "changeit".

  7. Edit the Platform Analytics Report Builder configuration file c:\analytics8.0_reports\conf\rptbuilder.conf and change the PACServerUrl to HTTPS.

    For example:

    PACServerUrl=https://192.168.0.1:8443

  8. Restart the Platform Analytics Report Builder service.

    For example:

    C:\analytics8.0_reports\bin\perfadmin.bat stop parb
    C:\analytics8.0_reports\bin\perfadmin.bat start parb
  9. Test that HTTPS is working by trying to access Platform Application Center with a web browser using https://.
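
The browser test in step 9 can be backed by a stricter check. The script below is an added example written for this page, not part of the product; its function names are assumptions, and it needs OpenSSL and a POSIX shell. It compares the SHA-256 fingerprint of the exported server.crt with the certificate that the HTTPS port actually serves.

```shell
#!/bin/sh
# Added example: confirm that the PAC HTTPS port serves the same certificate
# that was exported in step 4 and imported into the Report Builder trust store.

# Print the SHA-256 fingerprint of a certificate file.
# keytool -export writes DER unless -rfc is given, so try PEM first, then DER.
cert_fp() {  # $1 = certificate file
    for form in PEM DER; do
        fp=$(openssl x509 -inform "$form" -in "$1" -noout \
                 -fingerprint -sha256 2>/dev/null) || continue
        # Output looks like "SHA256 Fingerprint=AB:CD:..."; keep the hex part.
        printf '%s\n' "${fp#*=}"
        return 0
    done
    echo "cert_fp: $1 is not a PEM or DER X.509 certificate" >&2
    return 1
}

# Fingerprint of the certificate presented by a TLS endpoint.
served_cert_fp() {  # $1 = host, $2 = port
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//'
}

# Returns 0 on match, 1 on mismatch, 2 if either side could not be read.
check_pac_cert() {  # $1 = exported server.crt, $2 = host, $3 = port
    want=$(cert_fp "$1") || return 2
    got=$(served_cert_fp "$2" "$3")
    if [ -z "$got" ]; then
        echo "no certificate received from $2:$3" >&2
        return 2
    fi
    if [ "$want" = "$got" ]; then
        echo "match: $want"
    else
        echo "MISMATCH: file=$want served=$got" >&2
        return 1
    fi
}

# Usage, with the host and port from PACServerUrl:
#   check_pac_cert server.crt 192.168.0.1 8443
```

On the Analytics reporting server, keytool -printcert -file server.crt prints the same SHA-256 fingerprint for comparison before the file is imported.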

Enable HTTPS for Tableau

  1. Log in to the Tableau server as local administrator.
  2. Create an SSL certificate and key for Tableau:

    The following step is reproduced from the Tableau Knowledge Base (http://www.tableausoftware.com/support/knowledge-base/creating-ssl-certificate-and-key-tableau-server)

    • To create a key

    Step 1

    Open the Command Prompt, and change directories to the path specified below, based on your operating system:

    • On a 32-bit machine: C:\Program Files\Tableau\Tableau Server\version\apache\bin

    • On a 64-bit machine: C:\Program Files (x86)\Tableau\Tableau Server\version\apache\bin

    Step 2

    Execute the command openssl.exe genrsa -des3 -out yourcertname.key 4096 from the Command Prompt to create your key file.

    Note: This command uses a 4096-bit modulus for the key. Other values, such as 1024 bits, can be used but provide less security. If a value is not provided, 512 bits is used.

    Step 3

    Type a passphrase after being prompted.

    Important: Do not forget this passphrase.

    Step 4

    Execute the command openssl.exe rsa -in yourcertname.key -out yourcertname.key from the Command Prompt to embed your passphrase.

    Note: Although embedding a passphrase may compromise the security of the certificate, Tableau Server requires that the passphrase is embedded.

    • To generate a CSR

    Step 1

    Execute the command openssl.exe req -new -key yourcertname.key -out yourcertname.csr from the Command Prompt to create the CSR file.

    Note: If you see an error message about the config information being unable to load, retype the command above with -config ..\conf\openssl.cnf. Alternatively, you can set an environment variable to resolve the issue by typing the following command:

    set OPENSSL_CONF=c:\Program Files\Tableau\Tableau Server\6.0\apache\conf\openssl.cnf

    Step 2

    Enter the required information after being prompted.

    Note: When prompted to enter the Common Name value, type in the server name. If the common name and server name are different, errors will occur when a browser or Tableau Desktop tries to connect to the server.

    Step 3

    Create a certificate by sending it to a commercial provider or by signing it yourself.

    Once you have the key and certificate file, you can apply it to Tableau Server using the instructions in the "Configuring SSL" section of the Tableau Server Administrator Guide (http://www.tableausoftware.com/currentadmin.php).

  3. Create a self-signed certificate.

    openssl.exe x509 -req -days 365 -in yourcertname.csr -signkey yourcertname.key -out tableau.crt

  4. Apply the private key and certificate to Tableau.
    1. Log in to the Analytics Reporting Server as the user under which the Tableau Server service is running.
    2. Shut down the Tableau Server service from the Windows Services Controller.
    3. Select Start > Platform Analytics Server 6.0 > Configure Platform Analytics Server.

      The Tableau Server Configuration dialog box is displayed.

    4. Select the SSL tab and configure SSL settings.

      The following information is reproduced from the Tableau Administrator Guide, Configuring SSL chapter (http://downloads.tableausoftware.com/quickstart/server-guides/server_admin6.0.pdf)

      Select the option to Use SSL for Server Communication. Then specify a location for each of the following certificate files. These files should be located on the local machine.

      • SSL Certificate File - must be a valid PEM encoded x509 certificate with the extension .crt

      • SSL Certificate Key File - must be a valid RSA or DSA key that is not password protected with the file extension .key

      • SSL Certificate Chain File (Optional) - Some certificate providers issue two certificates for Apache. The second certificate is the chain file that contains information about the provider. If your provider has issued this second certificate you can enter it here.

      When finished, click OK.

      The changes will take effect the next time the server is restarted. When the server is configured for SSL, it accepts requests to the non-SSL port (default is port 80) and automatically redirects them to the SSL port 443.

      SSL errors are logged in the install directory at the following location. Use this log to troubleshoot validation and encryption issues.

      C:\ProgramData\Tableau\Tableau Server\data\tabsvc\logs\httpd\error.log

      NOTE: Tableau Server only supports port 443 as the secure port. It cannot run on a machine where any other application is using port 443.

  5. Start the Tableau Server service from the Windows Services Controller.
  6. Configure the Report Builder.
    1. Log in to the Analytics Reporting Server as the local administrator.
    2. Import the public key (certificate) for Report Builder, replacing REPORT_JRE_HOME with your own path.
      Note:

      You will need to provide an alias to avoid conflict with the default alias "mykey" for the Platform Application Center certificate.

      C:\analytics8.0_reports\jre\bin\keytool -import -file tableau.crt -alias tableau -keystore REPORT_JRE_HOME/lib/security/cacerts

    3. Enter the keystore password.
    4. Edit analytics8.0_reports\conf\rptbuilder.conf and set these parameters to the following values:
      TableauSSLEnabled=Y
      AnalyticsReportingServerPort=443
    5. Restart the Platform Analytics Report Builder service.

      For example:

      C:\analytics8.0_reports\bin\perfadmin.bat stop parb
      C:\analytics8.0_reports\bin\perfadmin.bat start parb
  7. Configure Platform Application Center.
    1. Log in to the Platform Application Center web server as root.
    2. Import the public key (certificate) for Platform Application Center, replacing /opt/pac with the directory in which you installed Platform Application Center.

      # keytool -import -file tableau.crt -alias tableau -keystore /opt/pac/jre/linux-x86_64/bin/keytools

    3. Set your Platform Application Center environment:

      For example:

      • For csh or tcsh:

        # source /opt/pac/cshrc.platform

      • For sh, ksh, or bash:

        # . /opt/pac/profile.platform

    4. Edit /opt/pac/gui/conf/pmc.conf and specify the Tableau server host name.

      TABLEAU_SERVER=https://Tableau_host_name:443

      For example:

      TABLEAU_SERVER=https://tabv6.lsf.platform.com:443

    5. Restart Platform Application Center to apply the changes.
      # pmcadmin stop
      # pmcadmin start
  8. Install the SSL certificate (.crt file) on the Tableau Desktop.
    1. Log in to Windows as a domain or local administrator.
    2. Select Start > Run, type mmc and press Enter.
    3. Select File > Add/Remove Snap-ins.
    4. Under Available snap-ins, select Certificates and click Add.
    5. Select Computer account and click Next.
    6. Leave Local computer checked and click Finish.
    7. Expand Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
    8. Right-click Certificates and select All Tasks > Import.
    9. Browse to the .crt certificate file used by the Tableau Server, and select Open.
    10. Click Next.
    11. Ensure that the Certificate Store field has the value Trusted Root Certification Authorities, and click Next.
    12. Click Finish. When the popup message is displayed, click OK.
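
Before tableau.crt is imported as trusted in steps 6 to 8, it is worth confirming that it is the certificate you expect. The script below is an added example for the Platform Application Center web server, not part of the product; its function names are assumptions, and it needs OpenSSL and a POSIX shell. It checks that the file carries no private key, that its name matches the TABLEAU_SERVER host in pmc.conf, and that it is not close to expiry.

```shell
#!/bin/sh
# Added example: checks to run on the PAC web server before tableau.crt is
# imported as a trusted certificate.

# Host name PAC will connect to, taken from TABLEAU_SERVER in pmc.conf.
tableau_host() {  # $1 = pmc.conf
    sed -n 's|^TABLEAU_SERVER=https://\([^:/]*\).*|\1|p' "$1" | head -n 1
}

# The file copied to other machines must hold the certificate only.
# Any PEM private-key header ("BEGIN ... PRIVATE KEY") means the key came along.
cert_only() { [ -r "$1" ] && ! grep -q 'PRIVATE KEY' "$1"; }

# Common Name (or subjectAltName) must equal the name clients connect to.
cert_matches_host() {  # $1 = certificate, $2 = host name
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# True while the certificate stays valid for at least $2 more days.
# The self-signed certificate above is created with -days 365.
cert_valid_for() {  # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print one line per check; the return status is the number of failed checks.
tableau_cert_preflight() {  # $1 = tableau.crt, $2 = pmc.conf
    host=$(tableau_host "$2")
    fails=0
    check() {
        if "$@"; then echo "ok   $*"; else echo "FAIL $*"; fails=$((fails + 1)); fi
    }
    check cert_only "$1"
    check cert_matches_host "$1" "$host"
    check cert_valid_for "$1" 30
    return "$fails"
}

# Usage:
#   tableau_cert_preflight tableau.crt /opt/pac/gui/conf/pmc.conf
```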