It is recommended to enable HTTPS for Qlik GeoAnalytics Server. This can be done either during the installation, or by editing the config.ini after the installation.
The deployed SSL certificate may need to be updated regularily, which requires a repeat of the initial installation steps.
Environment:
Any Qlik GeoAnalytics Version
GeoAnalytics using HTTP need to connect to a QlikView/Qlik Sense HTTPS server.
Before you begin
- Make sure you have a certificate in PKCS12 (.pfx, p12) format, including the private key! This can be exported out from Windows Certificate Manager, Qlik Sense Management Console (if using self-signed certificates generated by Qlik Sense) or acquired by your certificate authority
- Make sure the certificate matches the hostname where Qlik GeoAnalytics Server is installed, (example: myserver.domain.local )
- Place the certificate where it can be accessed by Qlik GeoAnalytics Server
Set / Change certificate during install
The recommended way to enable HTTPS is to run the installation package and set / change the certificate during install:
Setting the certificate during install will automatically obfuscate the password stored in config.ini
Alternative way to enable HTTPS on an already installed Qlik GeoAnalytics Server
- Edit config.ini found in %ProgramData%\Qlik GeoAnalytics Server and add the following to the [SSL] section, replacing details to match your environment:
[SSL]
sslEnabled=true
sslPort=443
sslKeystore=c:\\path_to_certificate\\certificate_filename.pfx
sslPassword=certificate_password
- While encryption of passwords is required in later versions, it should still be possible to use clear text password in the ini. However it's recommended to re-run the installation program to set the parameters and then the password will be obfuscated like enc:0B0115327474.
All obfuscated passwords should start with enc: - Open Qlik GeoAnalytics Configure Service console and restart the service
- Verify HTTPS working properly by accessing https://<yourserverhost>/ravegeo/geoanalytics/api/testConnection?version=1.1
- any errors/warnings about the certificate not being valid, such as missing Subject Alternative Name, issues with the certificate chain etc may result in errors when using the server and needs to be investigated and fixed