Create Certificates for Securing Aternity Dashboard Server

The Dashboard Server displays Aternity's intuitive dashboards using Tableau as its engine. It presents the data from the Aternity Vertica Database Server.

This article provides a procedure for creating the required certificate and private key for securing Aternity Dashboard Server.

When you configure servers to use Secure Sockets Layer (SSL) encryption, this ensures that access to the server is secure and that data is protected.

Tableau Server uses Apache, which includes OpenSSL. You can use the OpenSSL toolkit to generate a key file and Certificate Signing Request (CSR) which can then be used to obtain a signed SSL certificate

Before you begin

  • Complete setting up the Aternity Dashboard Server and the set up of the Dashboard Gateway.

  • Tableau Server includes OpenSSL toolkit. Make sure you have the toolkit. Get it by navigating to [TABLEAU_HOME]\[VERSION]\apache\bin. For example, D:\program files\tableau\tableau server\10.4\apache\bin. You need it to generate a key file and Certificate Signing Request (CSR) which will be used to obtain a signed SSL certificate.

  • Make sure you have access to the organizational certificate signing web interface or that you have the contact details of the person responsible for certificates signing.

  • (Optional) To avoid repeatedly entering the full path to the OpenSSL utility, add the tool’s location to the Windows path, using command prompt:
    set PATH=%PATH%;[TABLEAU_HOME]\[VERSION]\apache\bin
    For example:
    set PATH=%PATH%;D:\program files\tableau\tableau server\10.4\apache\bin

Procedure

  1. Step 1 Generate a key file.
    1. a On the Aternity Dashboard Server, create a folder to hold all the files you will create in the following steps (for example, D:\certificates).
    2. b Set the OpenSSL configuration environment variable to the Tableau suggested configuration by running the following command:
      set OPENSSL_CONF=[TABLEAU_HOME]\[VERSION]\apache\conf\openssl.cnf
      For example:
      set OPENSSL_CONF=D:\Program Files\Tableau\Tableau
          Server\10.4\apache\conf\openssl.cnf

      Otherwise, you may encounter several error messages when proceeding.

    3. c Generate a key file by running the following command:
      openssl genrsa -out [KEY_FILE_NAME].key [KEY_LENGTH]
      For example:
      openssl genrsa -out example.key 4096
      Field Description
      KEY_FILE_NAME The name of the generated target key file
      KEY_LENGTH

      The key length in bits. Unless explicitly stated or left empty, the default size 512 will appear. Values less than 2048 are not recommended because short keys are less secure.

    4. d Verify that the RSA private key file has been created in the \certificates folder.
  2. Step 2 Create a certificate signing request (CSR) to send to a certificate authority (CA).
    1. a Create a certificate signing request by running the following command:
      openssl req -new -key [KEY_FILE_NAME].key -out [CSR_FILE_NAME].csr
      For example:
      openssl req -new -key example.key -out aternity_tableau_FQDN.csr
    2. b When prompted, enter the requested information for the certificate:
      Parameter Description
      Country Name (C)

      (Optional) Enter a country code: Two letters abbreviation of the country name, for example, US for the United States.

      State or Province Name

      (Optional) Enter the relevant state or province name.

      Locality Name

      (Optional) Enter the relevant city name.

      Organization Name (O)

      (Optional) Enter the name of the company that owns that server.

      Organizational Unit (OU)

      (Optional) Enter the name of an organizational unit within the company.

      Common Name (CN) (Mandatory) This value must match the URL address that users and Aternity components will use to access this server. For example, example.aternity.com.
      Email Address (Optional) Enter the email address of the server owner.
    3. c Verify the certificate signing request (CSR) has been created.
  3. Step 3 Submit the CSR to a certificate authority (CA) to obtain a signed certificate.
    Note

    The exact procedure depends on the organization certificate authority and policies, so the steps below are general and may vary.

    1. a Submit the CSR created in the previous step to be signed by the organizational CA.

      You can submit it via web interface or send to the designated individuals.

    2. b Once submitted and signed by CA, receive the following:
      • Signed server certificate

      • Root CA certificate

      • Intermediate CA certificate(s): Depending on the organization policy, there may be one or more intermediate CA certificates in the server certificate’s trust chain.

    3. c Copy all certificates to the certificates folder created in step 1.
  4. Step 4 Verify that the signed server certificate, the root CA certificate, and any intermediate CA certificates, like cer or crt files are available from the \certificates folder.

    For additional information, see Tableau documentation.

  5. Step 5 Continue with setting an SSL encryption (HTTPS) for securing communication between servers.