# Troubleshoot
The extension appears grey in Tableau Online but not in the desktop
* Check the whitelisting in Tableau settings. The extension url needs to be whitelisted to be able to run in a Tableau Online dashboard.
* Is the extension running behind a proxy? Be sure the proxy is not adding CSP (Content Security Policy) Headers to the request. To find out if this is the cause, open the developer tools in your browser and open the console tab. When there are red messages complaining about Content Security Policy, then this is the problem.
Running behind a Reversed Proxy and a wrong domain in the trex file
* If you are running behind a reversed proxy and the domain in the trex is therefore showing the domain of the server instead of the public-facing domain, follow these steps.
* Open the config.yaml file in your installation folder.
* Add or update the host variable to the public-facing domain.
* Restart the application.
* Download the trex file from yourdomain.com/trex
How to decrypt my keyfile?
Our application requires an unencrypted SSL key file. If you only have an encrypted key file, you must decrypt it using OpenSSL. Use the following command:
**Windows**
openssl.exe rsa -in encrypted.key -out decrypted.key
Linux
openssl rsa -in encrypted.key -out decrypted.key
Protocol mismatch after ppgrade – “Missing ALPN protocol” / allowHTTP1 error
#### Symptoms
After upgrading to newer versions:
* Browser shows an error when accessing the extension endpoint (e.g. `https://:/...`)
* Error message may include:\
`Missing ALPN Protocol, expected h2 to be available`
* Environment includes a reverse proxy or load balancer in front of the extension service
### Cause
A protocol mismatch between the reverse proxy/load balancer and the enterprise (self-hosted) environment.
Typical scenarios:
* The extension server is configured to run with **HTTPS (TLS) enabled**
* The reverse proxy/load balancer forwards traffic to the extension server using **HTTP**
* The extension server expects **TLS/HTTP2**, but receives **plain HTTP/1.1**
This results in the `Missing ALPN Protocol` error.
### Resolution
Ensure protocol alignment between the reverse proxy/load balancer and the extension server.
* If the extension server is configured to run on **HTTPS**:
* The reverse proxy/load balancer must forward traffic using HTTPS
* Do not forward plain HTTP traffic to a TLS-enabled backend port
* The extension server requires HTTP/2 over HTTPS, so the load balancer must be configured accordingly
After correcting the configuration, restart the service if required and re-test access to the extension endpoint.
SSL error during upgrade when using a .pfx certificate
#### Issue
During the upgrade, you may see:
`SSL_ERROR_INTERNAL_ERROR_ALERT`\
`ERR_SSL_PROTOCOL_ERROR`\
(or a *Secure Connection Failed* message)
#### Cause
Recent extension versions do **not support `.pfx` certificates** in this setup.
#### Solution
Convert the `.pfx` file to PEM format and use those instead:
```
openssl pkcs12 -in server.pfx -nocerts -nodes -out key.pem
openssl pkcs12 -in server.pfx -clcerts -nokeys -out cert.pem
```
#### Next steps
* Configure SSL using `key.pem` and `cert.pem`
* Restart the extension
* Retry the upgrade
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.infotopics.com/enterprise-installation/support/troubleshoot.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.