SOLVED

How to install .crt file

gesh2112
7 - Meteor

I am using the download tool and getting an SSL error.  So I worked with our network admin and got a .crt file. 

 

Where do I install this on the Alteryx machine so the download tool can use it?  Do I need to install Alteryx Connect?

5 REPLIES
AndrewSu
Alteryx

@gesh2112, to my understanding the .crt file is to be loaded onto the website/domain that you are trying to access through the Download Tool. It is not a file that needs to be used for the Download Tool's configuration.

 

See the thread below that may also assist you. 

https://community.alteryx.com/t5/Alteryx-Designer-Discussions/Error-Transferring-data-SSL-peer-certi...

 

If this helps resolve your issue, please mark this post as the solution so that others in the community can benefit from our collaboration. 

 

Thanks. 

gesh2112
7 - Meteor

To bypass the SSL security, do you know if I have to run the curl command in the workflow?  Or just run it on the machine that has the Designer on?

AndrewSu
Alteryx

@gesh2112 ,  what version of Designer do you have installed? 

gesh2112
7 - Meteor

I am running Version 2022.1.1.30961.

AndrewSu
Alteryx

@gesh2112 , 

In 2022.1, Alteryx updated the versions of OpenSSL and LibCurl.  This upgrade closed out vulnerabilities found in SSL including CVE-2009-3555.  This vulnerability refers to a server which does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL.

 

Please contact the administrators of the site you wish to access to verify the site has been patched against CVE-2009-3555 and that their server(s) are upgraded to support RFC 5746.  

 

Another workaround is below, though it is not recommended.

 

IMPORTANT!!! PLEASE NOTE:

Implementing this workaround will leave your communication open to man-in-the-middle attacks as defined by CVE-2009-3555.

  1. Open Notepad and copy the following text into a new document.
      # This definition stops the following lines choking if HOME isn't
      # defined.
      HOME            = .
      # Use this in order to automatically load providers.
      openssl_conf = openssl_init
      # Comment out the next line to ignore configuration errors
      config_diagnostics = 1
      [openssl_init]
      providers = provider_sect
      ssl_conf = ssl_sect
      #alg_section = algorithm_sect
      # List of providers to load
      [provider_sect]
      default = default_sect
      #fips = fips_sect
      # If no providers are activated explicitly, the default one is activated implicitly.
      # See man 7 OSSL_PROVIDER-default for more details.
      #
      # If you add a section explicitly activating any other provider(s), you most
      # probably need to explicitly activate the default provider, otherwise it
      # becomes unavailable in openssl.  As a consequence applications depending on
      # OpenSSL may not work correctly which could lead to significant system
      # problems including inability to remotely access the system.
      [default_sect]
      activate = 1
      # added
      [ssl_sect]
      system_default = system_default_sect
      # added
      [system_default_sect]
      Options = UnsafeLegacyRenegotiation
      [algorithm_sect]
      default_properties = fips=yes
      ###############################################################################
      # for fipsinstall
      ###############################################################################
  2. Save the file as openssl-unsafe-negotiation.cnf to a directory on your server (e.g. C:\config)
  3. Click on your Windows Search box and paste in the following: sysdm.cpl
  4. Click on the sysdm.cpl application to open your System Properties dialog
  5. Click on the Advanced tab and then the Environment Variables button at the bottom of the window
  6. In the Environment Variables window, click New in the System Variables section
  7. Enter the following
    1. Variable Name: OPENSSL_CONF
    2. Variable Value: <path to cnf file>\openssl-unsafe-negotiation.cnf
  8. Click OK 3 times to close out all windows
  9. Open the Alteryx Designer and run the workflow again.

 

If this helps resolve your issue, please mark this reply as the solution so that others in the community can benefit from our collaboration. 

 

Thanks. 
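
An added example, not part of the original posts and not Alteryx code: a Python check an administrator can run to see whether the file named by OPENSSL_CONF really switches on UnsafeLegacyRenegotiation, by following the same openssl_conf -> ssl_conf -> system_default chain the workaround above sets up. The function names and the trimmed sample config are constructed for this example.

```python
import os
import re

# Constructed sample: the lines of the thread's .cnf that matter to the lookup.
SAMPLE_CNF = """\
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
"""

def parse_cnf(text):
    """Minimal OpenSSL .cnf reader: {section: {key: value}}; '' holds keys before any header."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def unsafe_renegotiation_enabled(text):
    """True if openssl_conf -> ssl_conf -> system_default ends in a section
    whose Options turn UnsafeLegacyRenegotiation on."""
    sections = parse_cnf(text)
    name = ""
    for key in ("openssl_conf", "ssl_conf", "system_default"):
        name = sections.get(name, {}).get(key)
        if not name:                              # chain broken: section is never loaded
            return False
    enabled = False
    for flag in sections.get(name, {}).get("Options", "").split(","):
        flag = flag.strip()                       # name compared case-insensitively, to be conservative
        if flag.lstrip("+-").lower() == "unsafelegacyrenegotiation":
            enabled = not flag.startswith("-")    # a leading '-' switches the flag off
    return enabled

def audit_host(env=os.environ):
    """Return (path, enabled) for the file OPENSSL_CONF names, or None if it is unset."""
    path = env.get("OPENSSL_CONF")
    if not path:
        return None
    with open(path, encoding="utf-8", errors="replace") as fh:
        return path, unsafe_renegotiation_enabled(fh.read())
```

Because OPENSSL_CONF is set as a system variable in the steps above, a True result applies to every OpenSSL-based program on the machine that reads it, not only to Designer.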
