DEV Community

Cover image for Generate a CSR on Tableau Server
Eden Allen
Eden Allen

Posted on

Generate a CSR on Tableau Server

#webdev #tutorial #learning #ssl

This guide walks you through generating a Certificate Signing Request (CSR) on Tableau Server for both Windows and Linux environments. A CSR is required when purchasing an SSL/TLS certificate from any certificate authority.

Before You Begin

Make sure the following are in place before starting the CSR generation process.

You should have Tableau Server installed and running on your machine. You need administrative access to the server's host machine. OpenSSL should be available on the system - Tableau Server bundles it through Apache, so a separate installation is typically unnecessary. You should also have a valid Fully Qualified Domain Name (FQDN) ready for your Tableau Server and write permissions to the Tableau Server Apache directories.

Basic familiarity with the command line is helpful, though the steps below are straightforward enough to follow even if you are not a regular terminal user.

Generating a CSR on Tableau Server for Windows

1. Open the Command Prompt

Log into your server machine with an administrator account and open the Command Prompt. Right-click and select "Run as Administrator" to ensure you have the necessary permissions.

2. Navigate to the Apache Directory

Change your directory to the Apache bin folder inside your Tableau Server installation. The default path looks like this:

C:\Program Files\Tableau\Tableau Server\packages\apache.<version_code>\bin

Replace <version_code> with the actual build number of your Tableau Server installation. For example, it might look like 20183.18.1128.2033. You can find this number by checking your Tableau Server version details or browsing the packages folder to see the available directory names.

3. Generate the Private Key

Run the following command to create your private key file:

openssl genrsa -out yourcertname.key 2048

Replace yourcertname with a meaningful name that identifies your server or domain. This file contains your private key, which must be kept secure and never shared with anyone.

4. Generate the CSR

Using the private key you just created, run the following command to generate your CSR:

openssl req -new -key yourcertname.key -out yourcertname.csr

If you see a warning about the directory usr/local/ssl not being found, you can safely ignore it. This directory path is a Linux default and does not exist on Windows systems.

If you receive an error stating that the configuration file cannot be loaded, you will need to specify the OpenSSL configuration file path manually. Rerun the command with the configuration argument appended:

openssl req -new -key yourcertname.key -out yourcertname.csr -config ..\conf\openssl.cnf

5. Enter Your Certificate Details

OpenSSL will prompt you to fill in several fields with information about your organization and domain. Here is what to enter for each field.

  • Country Name - Enter the two-letter country code for your organization's registered location. For example, enter US for the United States.
  • State or Province Name - Type the full name of your state or province. Do not use abbreviations. For example, enter California rather than CA.
  • Locality Name - Enter the full name of the city where your organization is located. For example, San Francisco.
  • Organization Name - Enter the complete legal name of your business as it appears in official records. For example, Your Company LLC. If you are requesting a Domain Validation (DV) certificate, leave this field blank.
  • Organizational Unit Name - This field has been deprecated by the CA/Browser Forum and is no longer used. Leave it blank.
  • Common Name - Enter the exact URL or domain name through which users will access your Tableau Server. For example, if users connect through yoursite.com, enter that as the Common Name. Make sure this matches your FQDN precisely.
  • Email Address - Enter a valid email address where you can be reached regarding the certificate.
  • Extra Attributes - When prompted for a challenge password and optional company name, leave both fields blank and press Enter to skip them.

Your CSR file (yourcertname.csr) and private key file (yourcertname.key) are now generated and saved in the Apache bin directory.

Generating a CSR on Tableau Server for Linux

1. Navigate to the Apache Directory

Open your terminal and change to the Apache bin directory within your Tableau Server installation:

/opt/tableau/tableau_server/packages/apache.<version_code>/bin

Replace <version_code> with your server's actual build number. For example, 20183.18.1128.2033. You can find the correct directory name by listing the contents of the packages folder.

2. Generate the Private Key

Run the following command to create a 2048-bit RSA private key:

openssl genrsa -out yourcertname.key 2048

Replace yourcertname with a descriptive name for your certificate. Keep this key file secure - anyone with access to it could potentially impersonate your server.

3. Generate the CSR

Run the following command to create your CSR using the private key from the previous step:

openssl req -new -key yourcertname.key -out yourcertname.csr -config ../conf/openssl.cnf

The -config flag points OpenSSL to the configuration file bundled with Tableau Server's Apache installation. This ensures the CSR is generated with the correct settings.

4. Enter Your Certificate Details

OpenSSL will display a series of prompts asking for information about your organization and domain. Fill in each field as follows.

  • Country Name - Enter your two-letter country code. For example, CA for Canada.
  • State or Province Name - Enter the full name of your state or province without abbreviations. For example, Ontario.
  • Locality Name - Enter the complete name of your city. For example, Ottawa.
  • Organization Name - Enter the full legal name of your organization exactly as it appears in official business records. For example, Your Company LLC. For Domain Validation (DV) certificates, leave this field blank.
  • Organizational Unit Name - This field is deprecated and no longer recognized by certificate authorities. Leave it blank and press Enter.
  • Common Name - Enter the domain name or URL through which users connect to your Tableau Server. For example, if your server is accessed at yoursite.com, enter that as the Common Name.
  • Email Address - Provide a valid email address associated with your organization.
  • Extra Attributes - Skip the challenge password and optional company name prompts by pressing Enter without typing anything.

Your CSR and private key files are now ready in the Apache bin directory.

Next Steps After CSR is Generated

Once your CSR is generated, open the .csr file using a text editor. Copy the entire contents, including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines. Paste this into the certificate order form when purchasing your SSL/TLS certificate from your chosen certificate authority.

Keep your .key (private key) file safe. You will need it during the certificate installation process after your certificate authority issues the signed certificate. Never share your private key file or transmit it over unsecured channels.

Reference - How to Generate a CSR on Tableau Server?

Top comments (0)