We are celebrating the 10-year anniversary of the Alteryx Community! Learn more and join in on the fun here.
Start Free Trial

Alteryx Server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.
SOLVED

DCM Hashicorp Vault - Vault's SSL certificate or SSH fingerprint validation failed

igallion
7 - Meteor

I am attempting to use a DCM connection to Hashicorp Vault but am running into SSL errors: "Could not connect to Vault. Authentication failed. Vault's SSL certificate or SSH fingerprint validation failed" (See attached image)

 

I have tried both LDAP and mTLS auth with no success - both result in the same SSL error

 

I am able to successfully invoke the Vault api from the Alteryx server using the following powershell script. This leads me to believe Alteryx DCM may not be leveraging the Windows cert store where my CA certs are located which is causing the SSL validation to fail. 

 

Are there any logs that may provide more detailed information on the SSL error being encountered? Or is there more information on how DCM works with Vault? What cert store does DCM use for SSL verification and can new certs be imported?

 

 

 

$VAULT_TOKEN = 'my-vault-token'

$URL = 'https://my-vault/v1/alteryx/data/AyxSecret'

$resp = Invoke-RestMethod $url -Method get -Headers @{
    "X-Vault-Token" = $VAULT_TOKEN
}

$resp

 

 

 

1 REPLY 1
igallion
7 - Meteor

Thanks for your response! 

 

I contacted support and was able to fix this by importing my intermediate CA cert into the Root CA store:

 

Intermediate Certificates: Make sure that any intermediate certificates required for the SSL connection are added to the Trusted Root certificate store on the Windows machine. This is crucial since the libCurl library used by Alteryx only checks certificates in the Windows "ROOT" certificate store.