How to: Change the Qlik Sense Proxy certificate if the service account does not have local administrative permissionsArticle Number: 000037491 | Last Modified: 2020/02/10
Otherwise, the third party certificate may not be used by the Proxy after restart, and the Qlik Sense server reverts back to default. (use self-signed certificate)
- Browsers will show an untrusted certificate.
- The Qlik Sense Proxy security log shows one or all of the following lines:
No private key found for certificate
Couldn't find a valid ssl certificate with thumbprint
Reverting to default Qlik Sense SSLCertificate
- Qlik Sense Enterprise, all versions
Perform these steps:
- Give access to the Private Key in the certificate store to the user running the services. See How to: Manage Certificate Private Key for details.
- Stop the Qlik Sense services except of the Qlik Sense Repository Database.
- Open an elevated command prompt and run repository.exe -bootstrap (If this is the central node, add the iscentral flag). Review the Qlik Online Help for details.
- Start Qlik Sense services.
Reviewing the Qlik Sense Proxy Security logs should now result in the certificate being properly used:
QlikServer1 Security.Proxy.Qlik.Sense.Common.Security.Cryptography.LoggingDigester DOMAIN\_service Setting crypto key for log file secure signing: success
QlikServer1 Security.Proxy.Qlik.Sense.Common.Security.Cryptography.SecretsKey DOMAIN\_service retrieving symmetric key from cert: success
QlikServer1 Security.Proxy.Qlik.Sense.Common.Security.Cryptography.CryptoKey DOMAIN\_service setting crypto key: success
QlikServer1 Security.Proxy.Qlik.Sense.Communication.Security.CertSetup 'CN=localhost' (08C871933A58E072FED7AD65E2DB6D5AD3EAF9FA) as SSL certificate presented to browser, which is a 3rd party SSL certificate
Have a Question?
Search Qlik's Support Knowledge database or request assisted support for highly complex issues.Submit a case
Experiencing a serious issue, please contact us by phone. View phone numbers and hours by region.