Disclaimer: Encrypted communication between PostgreSQL database and Qlik Sense services is a supported setup. This article provides general guidance on how to enable encryption on PostgreSQL database server, but local adjustment must be applied to comply with local IT requirements.Please be aware that Qlik Support can not help setting up Database Traffic Encryption, while Qlik Consulting Services may be utilized for deployment implementation.
Qlik Sense supports database traffic encryption using SSL/TLS, but it is not enabled by default. Password security and local IT policy around certificate need to be considered before enabling database encryption, as the implementation includes manual configuration of the Qlik Sense deployment.
Qlik recommends that the configuration in this section is performed by someone with sufficient skills in PostgreSQL database configuration.
This article covers two scenarios of enabling Database Traffic Encryption;
- PostgreSQL database installed locally with the Qlik Sense installer
- Qlik Sense referred to existing database during installation
- Qlik Sense Enterprise on Windows, all versions
Qlik Sense installer does not support database traffic encryption. Prior to upgrade when using encrypted database traffic, see the following article Unable to upgrade Qlik Sense with missing 'SenseServices', 'QSMQ', and 'Licenses' database for respective capabilities.Note2:
If Centralized Logging is enabled in the environment, it may stop functioning once encryption is enabled. See Qlik Sense Logging Service does not have support for SSL Database traffic encryption
Always take a complete backup of Qlik Sense deployment before altering system configuration, to allow restoring a working state in case of disaster. These scenario apply the default Qlik Sense signed certificate to encrypt traffic for a PostgreSQL database. Qlik Sense signed certificate is commonly only fully trusted by Qlik Sense nodes, which means other usage may not comply with local IT policies. It is recommended that a fully trusted certificate is used when applying encrypted database traffic for production environments. Consult local IT department for details on how to retrieve a fully trusted certificate.
1. PostgreSQL database installed locally with the Qlik Sense installer
This scenario assumes a standard Qlik Sense installation, where Qlik Sense Repository Database is installed on the Qlik Sense central node as part of the Qlik Sense installation.
2. Qlik Sense referred to existing database during installation
This scenario assumes a custom Qlik Sense installation, where Qlik Sense is configured to use a dedicated PostgreSQL database as its Repository Database.