This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
How To: Configure SSL (Self-Signed Certificate) on Connect
This article provides instructions for adding a self-signed SSL certificate to the web page hosted by Alteryx Connect so that the page is served securely.
Note: This article is only intended for Self-Signed Certificates. A self-signed certificate is not recommended to be used for production purposes. This is because self-signed certificates must be installed on all of the machines you intend to use with Connect as a trusted certificate. This includes any machines that will use Connect applications like loading metadata in Alteryx Designer or using search results from Connect Designer.
Alteryx Connect ≤ 2018.4
Administrator Permissions in Alteryx Connect
Stop the service Alteryx Connect via Windows Task Manager or Services dialog.
Back up the entire Connect install folder, (default C:\Program Files\AlteryxConnect\ ). This folder contains the H2 database as well as configuration files. If you are unable to get Connect to start properly after applying the modifications, you can restore this backup to restore original functionality.
Open a command prompt (CMD.exe) as administrator (Right Click > Run as Administrator).
Change directory to the jre\bin folder inside the Connect install folder (default C:\Program Files\AlteryxConnect\jre\bin).
cd "C:\Program Files\AlteryxConnect\jre\bin"
Run the following command, changing the value after -keystore to a directory accessible by the service account (default is SYSTEM or Local System) running Alteryx Connect. You should also change the option after -ext to your server's Fully Qualified Domain Name (FQDN), hostname, or the DNS name(s) you wish to use for testing. Note: The value here is important as newer browsers like Chrome will reject the certificate when you browse to your Connect instance if it doesn't contain the proper Subject Alternate Name (SAN) in the certificate. If you are unsure what to put here, you should use the root of the URL you are using to access your Connect instance if you were accessing it from a different machine. For example, if your Connect URL is http://ayxconnect01.yourdomain.tld , then set your SAN to ayxconnect01.yourdomain.tld). We do not recommend using localhost here as the certificate will not function properly on remote machines.
You will be asked to provide some information during this process, please pay special attention to the first and last name question. This value will need to be set to your server's hostname, FQDN, or the DNS name you wish to use for testing. Please also make sure to keep your keystore password as it will be needed for further steps. The other values are up to personal preference and should not change the desired outcome.
Once the keystore file is generated, we need to export it out to a .crt file so it can be installed as a trusted cert on machines you wish to utilize. Replace the -file option with the target directory you wish to write the .crt file to, and the -keystore option with the same path to the keystore you created in the previous step. You'll also be asked for the keystore password that you previously provided.
Once you have your keystore and cert files, we can begin to configure Connect. Open the server.xml file within the conf directory inside the Connect install folder (default C:\Program Files\AlteryxConnect\conf) with a text editor such as Notepad.
Find line 70 within this file, add a new line, and add the following block of text. Modify the Connector port to the port number you wish to run Connect on, if not the SSL/HTTPS default of 443. Modify the keystorePass to the password for your keystore file that you created earlier. Modify the keystoreFile to the file location of your keystore file that you created in Step 5.
Start the service Alteryx Connect via Windows Task Manager or Services dialog. Allow at least 5-10 minutes for service to fully initialize all web services. While the service is starting, you can move to the next step.
(Optional - Recommended) Install the certificate .crt file you created to the Trusted Root Certification Store on the desired client machine(s). This can be done on the server itself or on the client machine. Note that this file must be installed on each machine as mentioned in the initial notes above in order to trust the SSL connection. Any machines you do not install this certificate to will not trust the certificate and will not show the connection as secure.
Right-click the .crt file you created and click Install Certificate.
Click Local Machine in the Store Location.
Click Place all certificates in the following store. Click Browse.
Click Trusted Root Certification Authorities from the list.
Click Finish. A message should appear stating The import was successful.
Verify operation of Alteryx Connect. If Connect is not operational, check log files for potential errors in XML files that were edited or other error messages. Verify your SSL port is allowed through any firewalls on the machine or on the network.
Update the Base URL to the SSL-enabled URL within Connect Admin settings:
Click the icon in the upper-right corner of the Connect page > Administration.
Click Connect Configuration > Instance Settings.
Update the Base URL value to the new SSL-enabled URL.