Configure Postgres SSL to Allow Direct Connections from Clients

When Tableau Server is configured to use SSL for internal communication with the Postgres repository, you can also require SSL for Tableau clients that connect directly to the repository. Direct connections include those using the tableau user or the readonly user. Examples of Tableau clients include Tableau Desktop, Tableau Mobile, REST API, web browsers.

  1. Run the following commands:

    tsm security repository-ssl enable

    tsm pending-changes apply

    This enables internal SSL support, generates new server certificate and key files, and requires all Tableau clients to use SSL to connect to the repository. For additional repository-ssl commands and options, see tsm security.

    If the pending changes require a server restart, the pending-changes apply command will display a prompt to let you know a restart will occur. This prompt displays even if the server is stopped, but in that case there is no restart. You can suppress the prompt using the --ignore-prompt option, but this does not change the restart behavior. If the changes do not require a restart, the changes are applied without a prompt. For more information, see tsm pending-changes apply.

  2. (Optional) If you have configured your client computer to validate Postgres SSL connections, then you must import the certificate that is generated by Tableau Server onto the computers running Tableau Desktop. For each client computer that will connect directly to the repository, do the following:

    • Copy the server.crt file to the client computer. You can find this file in the following directory:

      C:/ProgramData/Tableau/Tableau Server/data/tabsvc/config/pgsql_0.<version_code>/security

      Note: Do not copy server.key to the client computer. This file should reside only on the server.

    • Import the certificate into the computer’s certificate store.

      For information, use the documentation from the operating system manufacturer.

Thanks for your feedback! There was an error submitting your feedback. Please try again.