The certificate authority certificate created by default does not contain the attribute “CA:True” and appears as invalid.
This can cause a certificate warning when trying to make API calls using the QlikClient certificate which is issued by that authority.
Environments:
This affects upgrade and migration procedures from Qlik Sense April 2019 and earlier releases to later version of Qlik Sense Enterprise on Windows.
Resolution
This defect is resolved in Qlik Sense June 2019. See the June 2019 Release Notes for details on QLIK-95021. Also fixed in Qlik Sense April 2019 Patch 1.
If you're upgrading from any earlier version of Qlik Sense Enterprise on Windows:
- Upgrade
- Recreate the certificates as per How to recreate or just delete certificates in Qlik Sense - No access to QMC or Hub
IMPORTANT NOTE if recreating the certificates per above:
Test all data connections after the certificates are rebuilt. It is likely that data connections with passwords will fail. This is because passwords are saved in the repository database with encryption. That encryption is based on a hash from the certs. When the Qlik Sense self-signed cert is rebuilt, this hash is no longer valid, and so the saved data connection passwords will fail. The customer must re-enter the passwords in each data connection and save. See article: Repository System Log Shows Error "Not possible to decrypt encrypted string in database"
