Alteryx Server Discussions

igallion · ‎01-13-2025

I am attempting to use a DCM connection to Hashicorp Vault but am running into SSL errors: "Could not connect to Vault. Authentication failed. Vault's SSL certificate or SSH fingerprint validation failed" (See attached image)

I have tried both LDAP and mTLS auth with no success - both result in the same SSL error

I am able to successfully invoke the Vault api from the Alteryx server using the following powershell script. This leads me to believe Alteryx DCM may not be leveraging the Windows cert store where my CA certs are located which is causing the SSL validation to fail.

Are there any logs that may provide more detailed information on the SSL error being encountered? Or is there more information on how DCM works with Vault? What cert store does DCM use for SSL verification and can new certs be imported?

$VAULT_TOKEN = 'my-vault-token'

$URL = 'https://my-vault/v1/alteryx/data/AyxSecret'

$resp = Invoke-RestMethod $url -Method get -Headers @{
    "X-Vault-Token" = $VAULT_TOKEN
}

$resp

igallion · ‎01-21-2025

Thanks for your response!

I contacted support and was able to fix this by importing my intermediate CA cert into the Root CA store:

Intermediate Certificates: Make sure that any intermediate certificates required for the SSL connection are added to the Trusted Root certificate store on the Windows machine. This is crucial since the libCurl library used by Alteryx only checks certificates in the Windows "ROOT" certificate store.

Alteryx Server Discussions

DCM Hashicorp Vault - Vault's SSL certificate or SSH fingerprint validation failed

Re: Running VBA Code on Alteryx Server

Re: Running VBA Code on Alteryx Server

Re: Running VBA Code on Alteryx Server

Re: Problem Loading App: The App interface could n...

Re: Alteryx Galery - Excel Sheet Selection Pop-up