1. Titles and Toolbars

    2. Homepage

    3. Curator Styles

    4. Group Overrides

    1. Pages Overview

    2. Tiles

    3. Error Pages

    4. SSRS Embedding

    5. Explorer

    6. User Customized Metrics

    1. Tutorials

    2. Search

    3. Managing Menus

    4. Menu Items

    5. Keywords

    6. Files

    7. Notices

    8. Loading Screens

    1. Embedded Tableau Server Views

    2. Thumbnails

    3. Tagged Workbooks

    4. Favorites

    5. Email Subscriptions

    6. Data Export

    7. Download Workbook

    8. Share Workbook

    9. Custom Views

    10. Pause/Resume Changes

    11. Dashboard Titles

    1. Filters

    2. Parameters

    3. Apply Button

    4. Filter Categories

    5. Hidden Sticky Filters/Parameters

    6. Specify Filter Sheet

    7. Mark Commenting

    8. URL Action Overrides (Link Target)

    9. Hidden Dashboards

    10. Replace Dashboard URLs

    11. Site Switcher

    12. Cache Filter/Parameter Options

    1. Data Manager Basics

    2. Web Data Connector (WDC)

    3. Connecting to Data Manager

    4. User Commenting

    5. Field Calculations

    1. Overview and Enabling

    2. Report Builder: Scheduled Reports Option

    3. Report Builder: Email Option

    4. Report Builder: Watermark Text

    1. Automatic License Provisioning

    2. Just-in-time (JIT) Provisioning

    3. Users and Groups

    4. Reset User's Password

    1. Frontend User Permissions

    2. Password Change

    3. Password Reset

    4. Password Expiration and Complexity

    1. E-mail Configuration

    1. Force SSL

    2. Trusted Tickets

    3. Basic HTTP Authentication

    1. Import / Export

    2. Backend Users

    3. Frontend Users

    4. Updating License Key

    5. Linux: Cron Troubleshooting

    6. Filesystem Permissions

    7. Backend Administrator Password Reset

    8. Dependency Updates

    9. Manual Restoration of Curator Backup

    10. Updating Curator Logging

    11. Third Party Cookies

    12. Troubleshooting Load Times

    13. Curator Backup

    14. Taking a Manual Full Backup

    1. System Upgrade

    2. Disable Curator Upgrades

    3. Offline Upgrades (Airgapped)

    4. Troubleshooting Upgrades

    1. Scripts

    2. Commands

    3. Subscription Routing

    1. Curator API Overview

    2. Integration

    3. Curator API

    4. Tableau API

    5. Content

    6. User API

    1. Username Mapping

Setup: Server Configuration

Linux SSL

  1. First, find your curator.conf file. For Ubuntu installations, this is located in /etc/apache2/sites-enabled. For all other Linux distributions, this file is located in /etc/httpd/conf.d/curator.conf. If you cannot find this file, you may have an old Curator installation. If so, download curator.conf here.

  2. Upload your SSL certificate, key, and (optionally) chain files to the webserver. This can be done with a secure copy (SCP) client, such as FileZilla. Place these certificates in /etc/apache2/certs for Ubuntu, or /etc/httpd/certs, for all other Linux distributions.

  3. Replace the references to SSLCertificateChainFile, SSLCertificateFile, and SSLCertificateKeyFile in the curator.conf to the location you uploaded them to in Step #2.

  4. Save the contents of the file and restart apache with the commands below:

    sudo apachectl restart
  5. Navigate to the HTTPS version of the link to your portal in your browser (i.e. https://exampleportal.com). You should see a lock icon appear in the URL bar after the site loads to indicate that it is successfully encrypted. If you don’t see the lock or if you get an error, check your certificate for invalid information, such as incorrect site name or missing Subject Alternative Names.

Debugging SSL

Having issues? It happens! SSL certificates can be uniquely challenging to implement. Here are a few debugging tips:

  1. Make sure the certificate and key match. Often these get mismatched. Your server will not start if they do not match. (Note: if either of these commands errors, you may not have correctly formatted certificates. Make sure you acquired Apache/PEM certificates.)

    openssl rsa -modulus -noout -in yourkeyfile.key | openssl md5
    openssl x509 -modulus -noout -in myserver.crt | openssl md5
  2. The certificate chain file is important, but can cause issues. If your Curator server won't start, try commenting out the SSLCertificateChainFile line in curator.conf temporarily to ensure that the issue is not the chain file.

  3. Check Apache/HTTPD's error log. This can be found in /var/log/apache2/error_log (Ubuntu) or /var/log/httpd/error_log (All other distros). Also check /var/www/curator_error.log, if it exists. If the error message is not detailed enough, try increasing "LogLevel" to "debug" in curator.conf. (Note: be sure to set this value back to "warn" after you are done!)

Notes on obtaining SSL certificates

  1. Curator uses "Apache" type certificates. These may be refered to as "OpenSSL" or PEM certificates as well.
  2. These certificates may in one big bundle, or separated into key, certificate, and chain files.
  3. When installing key certificates, many providers require a key-passphrase. Once installed on the Curator server and at rest, you may wish to remove this passphrase. If the passphrase remains, it will be required anytime there is a restart of the web server. STORE THE PASSPHRASE IN A SAFE PLACE. IF IT REMAINS ON THE KEY AND IS LOST YOU WILL HAVE TO GENERATE NEW CERTIFICATES. To remove the passphrase, use this command.
     openssl rsa -in [original.key] -out [new.key]

SSL Protocols / Ciphers (Optional)

  1. You may wish to update your SSL protocols and cipher suites. To do this, you'll need a little more info about your web server. Run the command below to get the Apahce and OpenSSL versions:

    httpd -V 2>/dev/null | grep version; apache2 -V 2>/dev/null | grep version; openssl version; php -v | grep cli

    This should output something like:

    Server version: Apache/2.4.48 ()
    OpenSSL 1.0.2k-fips  26 Jan 2017
    PHP 7.4.21 (cli) (built: Jul  7 2021 17:35:08) ( NTS )
  2. Take the infomation retrieved in the previous step and use it to fill out the form on this SSL Certificate Generator site.

    • Select Apache for "Server Software"
    • Select Intermediate for "Mozilla Configuration".
    • Enter your Apache version
    • Enter your OpenSSL version
  3. Replace the appropriate areas in the curator.conf file with the SSLProtocol and SSLCipherSuite that was generated on the SSL Certificate Generator site.

    For example:

    SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  4. Have a server open to the internet? Qualys has a free tool to test the certificates, protocols/ciphers, and their security: https://www.ssllabs.com/ssltest/analyze.html