Qlik Sense - Ticketing request with Qlik Sense Proxy API fails from 3rd party component - A fatal error occurred when attempting to access the SSL server credential private key
Article Number: 000047628 | Last Modified: 2018/11/21
After configuring your custom authentication module with a 3rd party component such as IIS to request a ticket to the Qlik Sense Proxy API it fails. Looking at the Windows Event Logs -> System you can see an Schannel error every time you attempt to request a ticket with the following details:
Log Name: System Source: Schannel Date: 07-10-2012 02:13:15 Event ID: 36870 Task Category: None Level: Error Keywords: User: SYSTEM Computer: xxxxxxxxx Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10003
Environment: Qlik Sense 3.2 and later
This event indicate that the user proceeding with the ticketing request does not have permission to access the private key of the QlikClient certificate.
To resolve this problem you need to either change the permission on the certificate private key to give at least read access to the user requesting the ticket or change the user who is requesting the ticket to someone who has at least read access to the private.
To manage the private key permissions you can check this link: https://technet.microsoft.com/es-es/library/ee662329(v=vs.85).aspx
E.g. If you are running an IIS Webpage to request the ticket, the user making the ticket request is likely to be the user running the IIS Application Pool Identity.
Collaborate with over 60,000 Qlik technologists and members around the world to get answers to your questions, and maximize success.