Alteryx Designer Knowledge Base
Definitive answers from Designer experts.Alteryx License Server unable to add or modify licenses due to glsErr.sslMisconfigured error
Issue
Alteryx License Server returns the following error when adding or modifying a license:
ERROR: {
"key":"glsErr.sslMisconfigured",
"arguments":[
"I/O error on POST request for \"https://flex1280.flexnetoperations.com/flexnet/deviceservices\": sun.security.validat
or.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested ex
ception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: un
able to find valid certification path to requested target"
],
"message":"SSL is misconfigured: I/O error on POST request for \"https://flex1280.flexnetoperations.com/flexnet/dev
iceservices\": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certp
ath.SunCertPathBuilderException: unable to find valid certification path to requested target"
}
Environment Details
- Alteryx License Server 2018.3
Cause
By default, the Alteryx License Server uses a local keystore to handle HTTPS communication with the Flexera servers. The cause of the above error is the expiration of the certificates stored in this file.
Resolution
- Open your Windows Services Console: Press the Windows Key + r on your keyboard and type "services.msc".
- Right-click the Alteryx License Server and select Stop.
- In a text editor, Open a File and navigate to your Alteryx License Server directory: %InstallDir%\Alteryx\License Server\server
- Open the local-configuration.yaml file
- At the bottom of the file is the https-out section. Make the following changes (in bold):
# HTTPS client mode. You generally don't need to specify this, as flexnet.certs will be consulted if # a https:// lfs.url value is found in producer-settings.xml. https-out: # Set to true to enable enabled: true # Path to truststore containing server certificate. truststore-path: C:\Program Files\Java\jre1.8.0_281\lib\security\cacerts # Truststore password. You can obfuscate this with java -jar flexnetls.jar -password your-password-here truststore-password: changeit # Switch off if you're having host validation problems (not recommended) host-verify: true # Set to true if you're using self-signed certificates (not recommended) self-signed: false
Note: For the truststore-path, point this to the cacerts file where you currently have your Java Runtime Environment installed. The above is the default install location. - Save the local-configuration.yaml file.
- In the Windows Services Console right click the Alteryx License Server and select Start.
- After the Alteryx License Server is up and running, verify the above fix by adding or modifying a current license from the instructions found here.
Known Issues
The Alteryx License Server can take a minute or two to actually start even though it reports as Running. A good way to see when the service is actually running is to open the Task Manager and select the Performance tab. When the CPU graph calms down back to under 10%, the service is available.
Additional Resources
