KNOWLEDGE BASE

Configuring Tableau Server for OpenID Connect Using Uncommon or Self-Signed Certificates


Published: 13 Dec 2016
Last Modified Date: 04 Jan 2017

Question

How to configure Tableau Server for OpenID Connect (OIDC) when using an uncommon or self-signed certificate.

Environment

Tableau Server 

Answer

  1. Place the OIDC SSL certificate in the Tableau Server SSL folder. By default, the location is C:\Program Files\Tableau\Tableau Server\SSL\
  2. Open a command prompt as an administrator and navigate to C:\Program Files\Tableau\Tableau Server\<version>\repository\jre\bin\
  3. Run the following command to import the OIDC SSL cert into the cacert keystore: 
    keytool -importcert -file "c:\Program Files\Tableau\Tableau Server\SSL\IdPSSLCert.cer" -keystore ../lib/security/cacerts.jks -alias "OIDC IdP"
  4. A prompt for the cacert password will appear. Enter the password “changeit”, then confirm the import was completed successfully.
  5. Restart Tableau Server to ensure the OIDC SSL certificate is trusted on subsequent authentication attempts.
     

Additional Information

In order for Tableau Server to communicate with an OpenID Connect OP utilizing SSL, the SSL certificate must be trusted. Not all certificates are trusted by default. 
Did this article resolve the issue?