Configure Gallery SSL/TLS

Last modified: January 20, 2021

Do not delete this has styles that are applied to the article.

Server supports both TLS (Transport Layer Security) and SSL (Secure Socket Layer) encryption for HTTPS to ensure safe and secure communication between Designer and Server, as well as any communication between a user’s web browser and your company's Private Gallery.

  • We recommend involving IT network administrators to configure SSL. SSL configuration requires expertise in creating, distributing, and certifying SSL files via a Certificate Authority (CA).
  • Use a recognized CA to sign your SSL certificates. 
  • We recommend that you use a TLS (SSL) certificate.
  • Self-signed certificates are discouraged. 

Before enabling SSL on your machine, obtain a SSL certificate for your company's Private Gallery from a trusted Certificate Authority (CA). The service address that you specify for the certificate has to match the address that you want to use for your Gallery website domain (the Base Address in System Settings on the Gallery General screen). Visit Gallery for more info about your Base Address

After you have obtained an SSL certificate, you need to configure your web server to use that certificate when users visit your site. To do this, the certificate thumbprint has to be associated with a specific port on the machine.

Step 1. Obtain Your SSL Cert's Thumbprint

Obtain the thumbprint of the certificate:

  1. Locate and open the certificate (.cer) file.
  2. Select the Details tab.
  3. Scroll through the list and highlight Thumbprint.
  4. The value displayed in the box at the bottom is the thumbprint of the certificate. Copy the value and paste it into a text editor to remove all spaces. Use this value when configuring the port.

Step 2. Configure a Port to Use the SSL Cert

To associate the certificate thumbprint to a specific port:

  1. Select the Windows Start button.
  2. Enter netsh in Search, and select Enter.
  3. Edit the example command. Example Command
    http add sslcert ipport= certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={eea9431a-a3d4-4c9b-9f9a-b83916c11c67}
    1. Replace the certhash value with the certificate thumbprint value without the spaces.
    2. Modify the ipport value if you want to use a port other than the default port (443).
    3. Leave the appid as it is since it is the application ID for the Gallery.
  4. Paste the resulting command into the netsh console and select Enter to associate the certificate with the given port.
  5. Verify the association and successful install of the certificate by running this command in the netsh console.
    http show sslcert.

All SSL certificate associations and their respective ports are listed.

Step 3. Configure the Gallery URL

After the certificate is associated with a port, the Server configuration has to be changed to expect web requests over HTTPS instead of HTTP. If you associated the certificate with a port other than the default (443), Server has to be configured to utilize that port.

  1. Double-click the System Settings icon on your desktop.
  2. Select Next on each screen in System Settings to navigate to the Gallery screens. 
  3. On the Gallery General screen, select Enable SSL. Enabling this option changes the URL in the Base Address field to HTTPS.
  4. If you enable SSL and your certificate is set to a port other than the default 443, specify the port in the Base Address. For example, https://localhost:445/gallery/.
  5. Select Next to continue navigating through the settings.
  6. Select Done to close the System Settings and restart Alteryx Services.

After you have enabled SSL in the Server System Settings, users who go to the Gallery will see HTTPS and a padlock symbol displayed before the URL address in their browser. This means that a secure connection is established with a unique session key and communications are secure.

Was This Helpful?

Running into problems or issues with your Alteryx product? Visit the Alteryx Community or contact support.