I am using the download tool and getting an SSL error. So I worked with our network admin and got a .crt file.
Where do I install this on the Alteryx machine so the download tool can use it? Do I need to install Alteryx Connect?
Solved! Go to Solution.
@gesh2112 , to my understanding the .crt file is to be loaded onto the website/domain that you are trying to access THRU the Download Tool. It is not a file that needs to be used for the Download tool's configuration.
See the thread below that may also assist you.
If this helps resolve your issue, please mark this post as the solution so that others in the community can benefit from our collaboration.
Thanks.
To bypass the SSL security, do you know if I have to run the curl command in the workflow? Or just run it on the machine that has the Designer on?
@gesh2112 , what version of Designer do you have installed?
I am running Version 2022.1.1.30961.
In 2022.1, Alteryx updated the versions of OpenSSL and LibCurl. This upgrade closed out vulnerabilities found in SSL including CVE-2009-3555. This vulnerability refers to a server which does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL.
Please contact the administrators of the site you wish to access to verify the site has been patched against CVE-2009-3555 and that their server(s) are upgraded to support RFC 5746.
Another workaround is below, though not recommended.
IMPORTANT!!! PLEASE NOTE:
Implementing this workaround will leave your communication open to man-in-the-middle attacks as defined by CVE-2009-3555.
# This definition stops the following lines choking if HOME isn't # defined. HOME = . # Use this in order to automatically load providers. openssl_conf = openssl_init # Comment out the next line to ignore configuration errors config_diagnostics = 1 [openssl_init] providers = provider_sect ssl_conf = ssl_sect #alg_section = algorithm_sect # List of providers to load [provider_sect] default = default_sect #fips = fips_sect # If no providers are activated explicitly, the default one is activated implicitly. # See man 7 OSSL_PROVIDER-default for more details. # # If you add a section explicitly activating any other provider(s), you most # probably need to explicitly activate the default provider, otherwise it # becomes unavailable in openssl. As a consequence applications depending on # OpenSSL may not work correctly which could lead to significant system # problems including inability to remotely access the system. [default_sect] activate = 1 # added [ssl_sect] system_default = system_default_sect # added [system_default_sect] Options = UnsafeLegacyRenegotiation [algorithm_sect] default_properties = fips=yes ############################################################################### # for fipsinstall ###############################################################################
If this helps resolve your issue, please mark this reply as the solution so that others in the community can benefit from our collaboration.
Thanks.