SSL Certificate for MacOS

Hi,

When configuring SSL certificates; is there any exception for MacOS?

We have a client where we have successfully configured the SSL certificates, however, I have just picked up that one Mac user, when accessing the internal URL, the site still shows up as "Not Secure"

Is there any additional configuration that needs to be applied for MacOS?

 

Thanks

Monique

11replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Hi Monique, 

    you have to make sure the SSL certificate is installed on the Mac. Have you done that? 

    Reply Like
  • Hi Monique - When SSL is applied we define the URL that will be used by the end users. This is the URL that will be trusted. For example, if you have a URL such as https://thoughtspot.abc.com which all end users will use to access ThoughtSpot - this URL will be the trusted URL. There are other ways to access ThoughtSpot such as using the IP address or using a fully qualified host name (FQHN) - e.g.: https://abc123.tdc.tspot.com. If someone accesses ThoughtSpot through any other URL (such as the IP or FQHN) they will get the SSL warning. Because you said it is one person and they are using an internal URL - I would check that they are using the same URL as all other users.

    Reply Like
  • Marc Price 

    Hi Marc

    Does this mean we have to apply this for every mac user in the organisation? That wouldn't make sense. I am also not sure if it's all Mac users that are experiencing this or just the one we checked yesterday.

    Reply Like
  • Neil Coleman 

    Hi Neil

    Yes we've applied the SSL certificate

    I'll try and do further investigation on this, as it's just been this one user so far. 

    Reply Like
  • Monique usually, during a build of a laptop/mac a root SSL certificate will be installed on all devices on the network, which should register the SSL certificate for Thoughtspot. 

    its weird that is it only happening for one user though. Maybe a config issue on that specific Mac device 

    Reply Like
  • Marc Price 

    Marc Price  Could be.

    I am not sure where to start looking for the issue, Busy doing some root cause analysis, will post the solution, once we've located it

    Reply Like 1
  • Hi Neil Coleman 

    Just a quick question; you mentioned here that users might get the "Not Secure" message if TS is accessed via the IP or FQHN. Is there a difference between defining a trusted URL (as mentioned in the former part of your response) and using a FQHN? I am well aware that using the IP address will present this message.

    Just need some clarity please, thanks.

    Reply Like
  • Hi Monique - as an example, if you have a 1TB 4 Node environment, each node will have an IP address and a fully qualified host name (FQHN). For example the nodes may have a FQHN using something like abc.tsnode1.com, abc.tsnode2.com, abc.tsnode3.com and abc.tsnode4.com. The main URL used by end users to access ThoughtSpot will be abc.thoughtspot.com. This URL is typically set up in a DNS server where it will redirect traffic to the ThoughtSpot nodes. When we enable SSL we identify the URL that is trusted. In this case we set the SSL certificate to trust abc.thoughtspot.com. If a user connects to ThoughtSpot using abc.tsnode1.com they will get the "Not Secure" warning as abc.tsnode1.com was not the trusted URL when SSL was established. Does this help?

    Reply Like
  • Hi Neil Coleman 

    Yes this makes sense. Thank you.

    I will definitely need to confirm how the certificate was applied; thanks for the clarification on this.

    Reply Like 1
  • Hi

    For all that were following this topic, the issue was on the user's machine. The certificate was not added to his machine. He was experiencing issues with other certificates (not just ThoughtSpot) and that's how the issue was picked up. The fix was to add the certificate to his machine manually, as it was not added automatically when the SSL certificate was configured. But the main thing is that the issue was pertaining to the user's machine.

    Reply Like 1
  • glad you get it resolved, Monique ! 

    Reply Like
Like Follow
  • Status Answered
  • 1 mth agoLast active
  • 11Replies
  • 32Views
  • 3 Following