Version(s): 9.3, 9.1, 9.2, 10.0
Last Modified Date: 16 Aug 2016
This article describes how to connect from the Tableau Mobile app on an Android or iOS device to a Tableau Server configured for SSL.
Connecting to a server that doesn't use a trusted SSL certificate
When you try to connect to an SSL-configured Tableau Server that lacks a certificate issued by a trusted CA (certificate authority), you can't connect using encrypted communication. Instead, you might receive either of the following messages:
The URL you provided specifies an encrypted (https) connection, but the certificate provided by the server is untrusted. Tableau Mobile can connect to this server only over a non-secure (http) connection, or you can sign in through the web browser. How would you like to connect?
Tableau Mobile cannot connect to this server. The URL you have provided specifies an encrypted (https) connection, but the server’s certificate is untrusted. You can sign in through the web browser instead. How would you like to proceed?
How to proceed
The errors provide one or more of the following options to addressing the situation.
Continue in the app: Signs in to the server over an unencrypted connection. If you sign in, other people might be able to read communication between the app and the server, including your data and passwords.
Open in the web browser: Connects to the server using a web browser instead of the app. The browser allows you to accept an untrusted certificate and make an https connection. However, the security of https requires trusted certificates.
Learn more: Directs you to this article.
If you are unsure which option is appropriate for your environment, contact your Tableau Server or IT administrator and share this article with them.
Why this issue occurs
Previous versions of the Tableau Mobile app allowed you to override a security message and use an https connection without verifying the server’s SSL certificate. Starting with version 9.1, the app no longer allows you to do this, improving security. When a server uses an SSL certificate issued by an untrusted CA, Tableau Mobile cannot verify the certificate, so the app prevents you from connecting to the server.
Note: Encountering this message is not necessarily a sign of an attack or a security problem. Servers can be intentionally configured to use SSL certificates that aren't publicly trusted for a variety of reasons.
Work with your Tableau Server administrator to establish trust between your mobile device and the server’s SSL certificate. There are three ways to achieve this:
Configure Tableau Server to use an SSL certificate issued by a trusted CA
Obtain a certificate from a CA trusted by iOS or Android.
For a list of certificates trusted by iOS, see this page on the Apple Support site.
Install the certificate chain file on the SSL tab in the Configure Tableau Server utility. For information, see Configure External SSL in the Tableau Server Help.
(iOS only) Establish trust on the device for Tableau as the developer of the Tableau Mobile enterprise app. For information, see Guidelines for installing custom enterprise apps on iOS. (This step isn't necessary if your organization uses a Mobile Device Management system.)
Configure the device to trust the existing certificate on Tableau Server
There are a number of ways to achieve this, but here are a couple examples:
Ask the Tableau Server administrator to email the certificate as an attachment to mobile users. Then have the users open the attachment and follow prompts to install it manually. For example procedures that might serve as a guideline, see Import a Certificate with an Apple iOS or Android Device.
Note: The example procedures are from a third-party website that is not affiliated with Tableau. As of the time this article was published, the information was relevant to this issue. However, the information can change at any time without our knowledge.
Use tools such as the Apple Configurator utility or a Mobile Device Management system to configure all devices to trust the certificate.
Use an SSL certificate issued by an internal CA
For this option, you would do both of the following:
- Configure Tableau Server to use an SSL certificate issued by an internal Certificate Authority.
- Configure your mobile devices to trust that internal Certificate Authority. (This step isn't necessary if your IT department manages your mobile devices.)
Alternate Search Terms:mobile app secure connection, encrypted connection, mdm, enterprise profile