We are running metabase on Windows Server. Recently have updated to the latest version. And facing some troubles configuring SSL certificate.
Steps I have done:
Genereted keys with keytool
Generated CSR file
Signed CSR file on CA
Loaded certificate into keystore file
Then followed instruction on Redirecting…
I have run those commands in cmd
set MB_JETTY_SSL=true
set MB_JETTY_SSL_PORT=8443
set MB_JETTY_SSL_KEYSTORE=C:\ssl\new\metabase.keystore
set MB_JETTY_SSL_KEYSTORE_PASSWORD=password
java -jar metabase.jar
Service starts and seems like ssl is on
But https can not be turned on
Can anyone help me to resolve this issue?
Hi @koven
I would highly recommend using a reverse-proxy to handle certificates - it's easier than doing it through Java.
But your Site URL is dashboard.erg.kz:3000, which explicitly is http - change it to dashboard.erg.kz:8443 if Metabase is actually accessible on that address.
Hi, @flamber
Thank you very much for your fast response. I have tried your suggestion. But still have some issues with certificate. Seems like certificate is not valid to Metabase. Are there any specific template in CA to be signed with? Or maybe there some fields that must be included in certificate or vice versa must not be included?
@koven I cannot see which certificate you have created or how you have defined the CA.
Certificates are very complex - I can only recommend that you use a pre-packaged solution, which does most of the work for you (likely through a reverse-proxy).
@flamber, hello.
I was able to configure certificate with Jetty. But I have one question about redirect. I have enabled "Redirect to https" in settings. And when I try to open http://metabase:3000 it just redirects to https://metabase:3000, and does not change port. Is it possible to configure redirect correctly, so that it will also change port
@koven I would highly recommend using a reverse-proxy. It's much simpler to control everything. Remove all the redirects and certificates you have done in Metabase, and just do it on the reverse-proxy.
