This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
How To: Configure SSL (Issued SSL Certificate) on Connect
This article provides instructions for adding an issued SSL certificate to the web page hosted by Alteryx Connect so that the page is served securely.
Note: This article is intended for trusted certificates in your environment. You must have a copy of the certificate (such as .crt) and the signing key (such as .key), or a combined certificate file (such as .pfx or .p12) in order to complete this process. This certificate must be installed on all machines you intend to use with Connect as a trusted certificate if these machines are to be used in conjunction with Alteryx Connect, such as loading metadata with Alteryx Designer or search results from Alteryx Connect displayed within Alteryx Designer.
Alteryx Connect ≤ 2018.4
Trusted SSL Certificate
Administrator Permissions in Alteryx Connect
Stop the service Alteryx Connect via Windows Task Manager or Services dialog.
Back up the entire Connect install folder, (default C:\Program Files\AlteryxConnect\ ). This folder contains the H2 database as well as configuration files. If you are unable to get Connect to start properly after applying the modifications, you can restore this backup to restore original functionality.
Open a command prompt (CMD.exe) as administrator (Right Click > Run as Administrator).
The following steps will depend on the type of certificates you have:
To import a .pfx or .p12 file:
Change directory to the jre\bin folder inside the Connect install folder (default C:\Program Files\AlteryxConnect\jre\bin).
cd "C:\Program Files\AlteryxConnect\jre\bin"
Use the following command to import a .pfx or .p12 file to a new keystore. Replace the value after -srckeystore with your .pfx or .p12 file location and the value after -destkeystore to a directory accessible by the service account (default is SYSTEM or Local System) that is running the Alteryx Connect service. Take note of this location and your keystore password as you will need this information later. Note: If you are asked for the "source keystore" password during the process, this is the password for your .pfx or .p12 file, not the keystore password.
Once you have OpenSSL installed, change to the directory in Command Prompt with the openssl.exe (typically \bin under the OpenSSL installation directory) and run the following command to combine your cert and key pair. Make sure to replace the value after -in with the path to your .crt file, the value after -inkey with the path to your .key file, the value after -out with the destination combined file location, and the value after -name with a name for the certificate (such as the hostname of the server).
Once you have the new .p12 file, please follow the steps above to import a .pfx or .p12 file to a Java keystore file.
Once you have your keystore file, we can begin to configure Connect. Open the server.xml file within the conf directory inside the Connect install folder (default C:\Program Files\AlteryxConnect\conf) with a text editor such as Notepad.
Find line 70 within this file, add a new line, and add the following block of text. Modify the Connector port to the port number you wish to run Connect on, if not the SSL/HTTPS default of 443. Modify the keystorePass to the password for your keystore file that you created earlier. Modify the keystoreFile to the file location of your keystore file that you created in Step 4.
Verify that Alteryx Connect is operational. If Connect is not operational, check log files for potential errors in XML files that were edited or other error messages. Verify your SSL port is allowed through any firewalls on the machine or on the network.
Update the Base URL to the SSL-enabled URL within Connect Admin settings:
Click the icon in the upper-right corner of the Connect page > Administration.
Click Connect Configuration > Instance Settings.
Update the Base URL value to the new SSL-enabled URL.