Last Updated: 2023-03-02 16:04:21
Curator 101: Updated Setup of SSL/TLS Certificates for HTTPS
Matthew Orr
Curator Engineer
March 2, 2022
This post is an update to a previous blog about SSL/TLS certificates and has been updated to reflect the most current capabilities and UI of Curator.
If your Curator portal is available to the World Wide Web, we highly recommend setting up encryption for the connection between your users and Curator itself. It’s like having a luxury Italian sports car but leaving the doors unlocked in a seedy area with the keys in plain view—something is bound to be stolen. Even if Curator is tucked behind a nice firewall, setting up an encrypted connection isn’t a bad idea.
Determining Where to Terminate Encryption
The one thing to consider here is that if your Curator portal sits behind some sort of network device, such as a reverse proxy or load balancer, you may need to terminate the encrypted connection there instead of Curator itself (see the documentation for configuring Curator behind proxies). The other option is to configure that network device to allow encrypted traffic through to Curator unharmed, so Curator is the one that handles terminating the SSL/TLS connection.
If the encrypted connection is not terminated on a load balancer or reverse proxy, you will need to set up SSL/TLS on the Curator server. To do so, you’ll need to have an SSL/TLS certificate file and a private key file. These are usually generated by your own IT department. Be sure they include Subject Alternative Names when they are generated.
Configuring Linux-based Curator Instances
This is a broad outline to give you an idea of what will need to take place. The online documentation has the detailed instructions on how to carry out each of these steps:
- Ensure Apache’s SSL/TLS module (mod_ssl) is installed and enabled.
- Upload your SSL/TLS certificates and key to the Curator server.
- Add or modify the Apache configuration for port 443 to use those certificates and key.
- Restart the Apache web service and test the HTTPS version of your Curator link (i.e. https://your.curator.portal/) in a browser.
- If needed, configure Curator to force all the links it generates to use the HTTPS protocol.
Configuring Microsoft Windows-based Curator Instances
Please note that these steps are specific to Windows servers using the Apache HTTPD web server. Contact us if you need help configuring IIS to support SSL/TLS.
Here is a broad outline of what will need to take place. Again, the online documentation contains the detailed instructions on how to perform each of these steps:
- Upload your SSL/TLS certificates and key to the Curator server.
- Modify the existing Apache configuration for port 443 to use those certificates and key.
- Restart the Apache web service and test the HTTPS version of your Curator link (i.e. https://your.curator.portal/) in a browser.
- If needed, configure Curator to force all the links it generates to use the HTTPS protocol.
Recently, Tableau has been encouraging the use of connected apps for external applications, instead of using trusted tickets. All of Tableau’s recent embedding features require connected apps. Since this only deals with behind the scenes authentication, there is no impact to the end user. In our effort to remain closely aligned with Tableau, Curator is transitioning to only using connected apps.
Curator has added the feature to be able to send mark commenting data to a webhook. With the widespread use of API integration platforms, this really opens the doorway to virtually unlimited use cases.
If you’ve got users reporting access issues, your first stop on the road to resolution should be the User Menu Access button. This feature gives you a snapshot view of any given user’s current menu structure, as well as their permissions status for all the content within that menu.