The certificate authority certificate created by default does not contain the attribute “CA:True” and appears as invalid.
This can cause certificate warnings when making API calls with the QlikClient certificate, which is issued by that authority.

Environments:
Qlik Sense April 2019 and earlier
This defect is resolved in Qlik Sense June 2019. See the June 2019 Release Notes for details on QLIK-95021. Also fixed in Qlik Sense April 2019 Patch 1.

Tool to check the certificate attributes quickly:
Run the tool mentioned in "Qlik Sense: NLP Does not work due to missing Basic Constraints in certificate" to check for the needed attributes.

Workaround for previous versions:
After upgrading, the certificates need to be regenerated to have the attribute.
See How to recreate or just delete certificates in Qlik Sense for how to recreate certificates.
IMPORTANT NOTE if recreating the certificates per above:
Test all data connections after the certificates are rebuilt. It is likely that data connections with passwords will fail. This is because passwords are saved in the repository database with encryption. That encryption is based on a hash from the certs. When the Qlik Sense self-signed cert is rebuilt, this hash is no longer valid, and so the saved data connection passwords will fail. The customer must re-enter the passwords in each data connection and save. See article: Repository System Log Shows Error "Not possible to decrypt encrypted string in database"
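
The attribute check described under "Tool to check the certificate attributes quickly" can also be done by hand, before and after regenerating the certificates. The script below is an added example, not the Qlik tool referenced above and not Qlik code: it reads the Basic Constraints extension of each certificate in a Windows certificate store and reports whether CA:TRUE is set. The store path and the subject filter are assumptions; adjust them to where the Qlik Sense CA certificate is installed on your server.

```powershell
param(
    # Assumptions (not from the article): the store that holds the CA certificate
    # and a wildcard used to narrow the list by subject name.
    [string]$StorePath   = 'Cert:\LocalMachine\Root',
    [string]$SubjectLike = '*'
)

function Get-BasicConstraintsStatus {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # OID 2.5.29.19 identifies the X.509 Basic Constraints extension.
    $raw = $Certificate.Extensions |
        Where-Object { $_.Oid.Value -eq '2.5.29.19' } |
        Select-Object -First 1

    $isCa = $false
    $critical = $false
    if ($null -eq $raw) {
        # No extension at all: the case this article describes.
        $status = 'Basic Constraints missing'
    }
    else {
        # Decode the raw extension explicitly instead of relying on how the runtime typed it.
        $bc = New-Object System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension `
            -ArgumentList $raw, $raw.Critical
        $isCa = $bc.CertificateAuthority
        $critical = $raw.Critical
        if ($isCa) { $status = 'CA:TRUE' } else { $status = 'CA:FALSE' }
    }

    [pscustomobject]@{
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        SelfIssued = ($Certificate.Subject -eq $Certificate.Issuer)
        Status     = $status
        IsCA       = $isCa
        Critical   = $critical
        NotAfter   = $Certificate.NotAfter
    }
}

Get-ChildItem -Path $StorePath |
    Where-Object { $_.Subject -like $SubjectLike } |
    ForEach-Object { Get-BasicConstraintsStatus -Certificate $_ } |
    Sort-Object Status, Subject |
    Format-Table -AutoSize
```

A self-issued certificate that is used as the issuer of other certificates should show `CA:TRUE`; rows with `Basic Constraints missing` or `CA:FALSE` for that certificate match the defect described here.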