This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
The new licensing system uses a TLS connection with fno.devops.alteryx.com, which is secured with an Amazon-issued TLS/SSL certificate. Alteryx is packaged with a copy of the Amazon certificate. The problem arises when the network has implemented Deep Packet Inspection on TLS/SSL connections, which is a security measure requiring that a network device be able to intercept the connection and “see” the plaintext conversation. To do this, the device attempts to impersonate fno.devops.alteryx.com but uses its own certificate, which is separately installed as a trusted root certificate on the client computer. However, Alteryx doesn't consult the local computer's trust store when authenticating the license connection. Thus, when Alteryx attempts to construct a TLS session, it sees a certificate mismatch, and the connection fails.
Since this is a network security restriction, you should have no problem activating if you move onto an external network such as a mobile hotspot, home network connection, or coffee shop.
How to confirm the problem
To definitively confirm that they are running into this issue, have them open a browser and go to https://fno.devops.alteryx.com. It will show a blank screen, but up in the corner is certificate information. Click on the lock to view the certificate details.
This window needs to show this exact certification Path. If there are any extra or different entries, that's when this issue occurs.
How to fix it?
IT or your security department need to add a bypass on the SSL packet inspector such that https://fno.devops.alteryx.com is not subject to SSL deep packet inspection. After adding the bypass so this traffic is no longer being interdicted, the issue should be resolved and the customer should try to activate again.