Collaborate with over 60,000 Qlik technologists and members around the world to get answers to your questions, and maximize success.Join Us
After installing, renewing, or changing a third party certificate for use with Qlik Sense the Qlik Management Console (QMC) and Hub may become inaccessible leading to Page Cannot Be Displayed.
In the Proxy trace logs the last line may indicated waiting for certificate to be installed or similar. In addition, even thought Proxy service remains running, port 443 (by default) will fail to bind and start listening for requests.
Note! This article does not cover the use of a 3rd party certificate for end user Hub access, but the certificates used for communication between the Sense services. For recommendation on how to use a 3rd party certificate for end user access, see How to: Change the certificate used by the Qlik Sense Proxy to a custom third party certificate
Qlik Sense Enterprise all versions
Note! Do not perform the below steps in a production environment, without first doing a backup of the existing certificates. Certificates are being used to encrypt information in the QRS database, such as connection strings. By recreating certificates, you may lose information in your current setup.
By removing the old/bad certificates, and restarting the Qlik Sense Repository Service (QRS), the correct certificates can be recreated by the service. If trying to remove certs, only the removal steps need to be followed.
There is no need to perform a full reinstall to propagate new certificates. Certificates are created by the QRS automatically if not found during the service startup process.
IMPORTANT NOTE: The customer will need to test data connections after the certs are rebuilt. It is likely that data connections with passwords will fail. This is because passwords are saved in the repository database with encryption. That encryption is based on a hash from the certs. When the Qlik Sense self-signed cert is rebuilt, this hash is no longer valid, and so the saved data connection passwords will fail. The customer must re-enter the passwords in each data connection and save. See article: Repository System Log Shows Error "Not possible to decrypt encrypted string in database"
Self Signed Certs:
Notice if using an official Signed Server Certificate from a trusted Certificate Authority
The certificate information will also be in the QMC, under Proxies, with the Certificate thumbprint listed. If trying to merely remove all aspects of certs, this will need to be removed as well.
If the Central Node repository service hanging in the logs:
Look for this Example "API service initialized with 1501 available methods". This is Central Node.
If you see this Example "API service initialized with 2 available methods". This is a Rimnode.
For Central Node you should see as an example ""API service initialized with 1501 available methods".
Running this command "C:\Program Files\Qlik\Sense\Repository\Repository.exe" -bootstrap -iscentral -restorehostname from article "How to recreate or just delete certificates in Qlik Sense" will resolved this issue.
Search Qlik's Support Knowledge database or request assisted support for highly complex issues.Submit a case
Experiencing a serious issue, please contact us by phone. View phone numbers and hours by region.