SSL Configuration

We are running metabase on Windows Server. Recently have updated to the latest version. And facing some troubles configuring SSL certificate.
Steps I have done:

  1. Genereted keys with keytool
  2. Generated CSR file
  3. Signed CSR file on CA
  4. Loaded certificate into keystore file
    Then followed instruction on
    I have run those commands in cmd
    set MB_JETTY_SSL=true
    set MB_JETTY_SSL_PORT=8443
    set MB_JETTY_SSL_KEYSTORE=C:\ssl\new\metabase.keystore
    java -jar metabase.jar
    Service starts and seems like ssl is on
    But https can not be turned on
    Can anyone help me to resolve this issue?

Hi @koven
I would highly recommend using a reverse-proxy to handle certificates - it's easier than doing it through Java.
But your Site URL is, which explicitly is http - change it to if Metabase is actually accessible on that address.

Hi, @flamber
Thank you very much for your fast response. I have tried your suggestion. But still have some issues with certificate. Seems like certificate is not valid to Metabase. Are there any specific template in CA to be signed with? Or maybe there some fields that must be included in certificate or vice versa must not be included?

@koven I cannot see which certificate you have created or how you have defined the CA.
Certificates are very complex - I can only recommend that you use a pre-packaged solution, which does most of the work for you (likely through a reverse-proxy).

@flamber, do you mean something like IIS, Tomcat? Which one is preferable to use for Metabase in Windows server?

@koven Use whatever you know the best and know how to handle certificates and reverse-proxy in.

@flamber, hello.
I was able to configure certificate with Jetty. But I have one question about redirect. I have enabled "Redirect to https" in settings. And when I try to open http://metabase:3000 it just redirects to https://metabase:3000, and does not change port. Is it possible to configure redirect correctly, so that it will also change port

@koven You need to set the Site URL in Admin > Settings > General to what the final actual URL should be.

Yes, I already did it. But it does not help

@koven I would highly recommend using a reverse-proxy. It's much simpler to control everything. Remove all the redirects and certificates you have done in Metabase, and just do it on the reverse-proxy.