Question
How to configure SSL connection to Google Cloud SQL (PostgreSQL)
Last Modified Date: 20 Dec 2023
Environment
- Tableau Server 2020.4 and later
- Linux
Answer
1. Convert the Google Cloud SQL key using open-ssl in Tableau Server"openssl pkcs8 -topk8 -nocrypt -inform PEM -in client-key.pem -outform DER -out client-key.pk8 -v1 PBE-MD5-DES"
2. Create the postgres.properties file as below and placed it in "/var/opt/tableau/tableau_server/data/tabsvc/vizqlserver/Datasources/".
sslmode=verify-ca
sslcert=<path>/client-cert.pem
sslrootcert=<path>/server-ca.pem
sslkey=<path>/client-key.pk8
e.g. if the certificates are placed in "/var/opt/tableau/tableau_server/data/tabsvc/vizqlserver/Datasources/":
sslmode=verify-ca
sslcert=/var/opt/tableau/tableau_server/data/tabsvc/vizqlserver/Datasources/client-cert.pem
sslrootcert=/var/opt/tableau/tableau_server/data/tabsvc/vizqlserver/Datasources/server-ca.pem
sslkey=/var/opt/tableau/tableau_server/data/tabsvc/vizqlserver/Datasources/client-key.pk8
3. Connect to Google Cloud SQL (PostgreSQL) using the Postgres SQL connector in the Tableau datasource menu, enter username/password and tick the SSL checkbox.
If flow also needs to connect Google Cloud SQL, the same configurations also need to be done in flowminerva service then restart Tableau Server service:
1'. Create the postgres.properties file as below and placed it in "/var/opt/tableau/tableau_server/data/tabsvc/flowminerva/Datasources/".
2'. postgres.properties should be:
sslmode=verify-ca
sslcert=/var/opt/tableau/tableau_server/data/tabsvc/flowminerva/Datasources/client-cert.pem
sslrootcert=/var/opt/tableau/tableau_server/data/tabsvc/flowminerva/Datasources/server-ca.pem
sslkey=/var/opt/tableau/tableau_server/data/tabsvc/flowminerva/Datasources/client-key.pk8
3'. Restart Tableau Server service by tsm restart.
4'. Connect to Google Cloud SQL (PostgreSQL) using the Postgres SQL connector in the flow edit page, enter username/password and tick the SSL checkbox.
Additional Information
Unable to connect to Google Cloud SQL Postgres with SSL enabled
Use a PROPERTIES file to customize a JDBC connection
Note:
To enforce SSL connections for Google Cloud SQL Postgres data sources in Tableau Server, the SSL mode needs to be set to verify-ca or verify-full.
Above SSl Mode Descriptions will always require a valid SSL certificate to connect.
Alternatively, if your Tableau server environment has multiple Postgres data sources and some of them are on non-SSL connections, then use options like sslmode=allow or sslmode=prefer as it allows both SSL and non-SSL-based connections.
Refer to the below Postgres documentation for detailed information about the SSL Mode Descriptions
https://www.postgresql.org/docs/current/libpq-ssl.html
Thank you for providing your feedback on the effectiveness of the article.
Open new Case
Continue Searching
Knowledge Base
Community
Product Help
Training and Tutorials