How Mutual SSL Authentication Works
Mutual (or two-way) SSL authentication provides a combination of an encrypted data stream, mutual authentication of both server and client, and direct access convenience. To use mutual SSL with Tableau Server, you need the following:
- External SSL configured on Tableau Server.
- A trusted CA-issued SSL certificate for Tableau Server. The file is a concatenation of CA certificate files. A "CA" is a certificate authority that issues certificates to the client computers that will connect to Tableau Server. The action of uploading the CA certificate file establishes a trust, which enables Tableau Server to authenticate the individual certificates that are presented by the client computers.
- A certificate on each client that will connect to Tableau Server.
- A Tableau Server configured to use mutual SSL.
Tableau Server and the client each verify that the other has a valid certificate, and Tableau Server then authenticates the user based on the user name in the client certificate.
The following image shows a little more detail about the sequence of events that occurs with mutual SSL.
- The user navigates to Tableau Server.
- Tableau Server sends its SSL certificate to the client computer.
- The client computer verifies the Tableau Server certificate.
- The client computer sends its certificate to Tableau Server.
- Tableau Server verifies the client certificate.
- Tableau Server references the user name in the client certificate to authenticate the user.
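The last two events in the sequence (verifying the client certificate, then mapping its user name to an account) can be sketched with Python's standard `ssl` module. This is an added example, not Tableau Server's own code; it assumes the user name is carried in the certificate's subject commonName, and the function names, `KNOWN_USERS` and `SAMPLE_CERT` are hypothetical, constructed values.

```python
import ssl

def make_mutual_tls_context(ca_bundle=None, server_cert=None, server_key=None):
    """Server-side context that rejects clients lacking a CA-verified certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED      # handshake fails if no client cert is sent
    if ca_bundle:                            # concatenated PEM file of trusted CA certs
        ctx.load_verify_locations(cafile=ca_bundle)
    if server_cert:                          # certificate the server presents to clients
        ctx.load_cert_chain(server_cert, server_key)
    return ctx

def user_name_from_cert(peer_cert):
    """Return the single commonName from an SSLSocket.getpeercert() dict, or None."""
    if not peer_cert:                        # None: no cert sent; {}: cert not validated
        return None
    names = [value
             for rdn in peer_cert.get("subject", ())
             for key, value in rdn
             if key == "commonName"]
    # Zero or several commonNames is ambiguous: refuse rather than guess.
    return names[0] if len(names) == 1 else None

def authenticate(peer_cert, known_users):
    """Map a verified client certificate to an existing account, or return None."""
    name = user_name_from_cert(peer_cert)
    if name is None:
        return None
    return known_users.get(name)             # unknown names are not auto-provisioned

# Constructed sample data (assumption: not taken from a real certificate or server).
KNOWN_USERS = {"jsmith": "site-user-17"}
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "jsmith"),)),
    "issuer": ((("commonName", "Example Client CA"),),),
}

if __name__ == "__main__":
    ctx = make_mutual_tls_context()
    print(ctx.verify_mode, authenticate(SAMPLE_CERT, KNOWN_USERS))
```

In a real listener, `authenticate` would be called with `conn.getpeercert()` only after the handshake on a socket wrapped by this context has completed, so the name is read from a certificate that already chained to the uploaded CA bundle.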