This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
While attempting to add your Gallery (Alteryx Server) to your Connect instance, you get the following error message:
An error occurred while automatically trying to obtain gallery keys I/O error on POST request for "https://localhost/gallery/api/auth/preauth/": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target..
The error message means that Apache Tomcat (Connect runs Tomcat as it's underlying web server) does not trust the certificate that your Gallery is using for SSL encryption. This error is most frequently caused by using a certificate that is self-signed and not issued by a certificate authority (CA) for your Gallery. This error can also occur with a CA-issued certificate when the CA was only recently added to Java. Connect does not always contain the latest version of Java, therefore a recently added CA may not exist as a trusted issuer in your Connect instance.
To resolve this error, you need to import your *.crt certificate into the Java Keystore in Connect.
Right-click on the Command Prompt application and select Run as administrator.
In your command prompt, navigate to the directory containing the Java Keytool (the location will depend on where your instance of Connect is installed, the following example uses the default location):
cd "c:\Program Files\AlteryxConnect\jre\bin\"
Locate the *.crt certificate you are using to run SSL in your Gallery.
In this example, I've used OpenSSL to generate an SSL certificate, and therefore my certificate is in the directory C:\OpenSSL-Win64\bin. Update this path in the following commands according to your certificate's file path.
Import the certificate into cacerts keystore in the Connect folder with the following commands. In this example, I am using gallery as the certificate's alias (the certificate must have a unique identification), but you can replace this with whatever string you would like to use: