How Mutual SSL Authentication Works

Mutual (or two-way) SSL authentication provides a combination of an encrypted data stream, mutual authentication of both server and client, and direct access convenience. To use mutual SSL with Tableau Server, you need the following:

  • External SSL configured on Tableau Server.

  • A trusted CA-issued SSL certificate for Tableau Server. The file is a concatenation of CA certificate files. A "CA" is a certificate authority that issues certificates to the client computers that will connect to Tableau Server. The action of uploading the CA certificate file establishes a trust, which enables Tableau Server to authenticate the individual certificates that are presented by the client computers.

  • A certificate on each client that will connect to Tableau Server.

  • Tableau Server configured to use mutual SSL.

Tableau Server and the client verify that each other has a valid certificate, and Tableau Server authenticates the user, based on the user name in the client certificate.

The following image shows a little more detail about the sequence of events that occurs with mutual SSL.

  1. The user navigates to Tableau Server.

  2. Tableau Server sends its SSL certificate to the client computer.

  3. The client computer verifies the Tableau Server certificate.

  4. The client computer sends its certificate to Tableau Server.

  5. Tableau Server verifies the client certificate.

  6. Tableau Server references the user name in the client certificate to authenticate the user.

Thanks for your feedback!Your feedback has been successfully submitted. Thank you!