The following can be seen after applying a 3rd party certificate:
Warning message in the *_Security_Proxy.* trace log:
WARN ... Current version of .NET cannot directly access private key for certificate 'CN=domain address' (XXXXXXXXXXXXXX)
Users could see:
Error 500: Internal Server Error
Environment:
CNG certificate support is not fully implemented while CryptoAPI is fully supported. So the certificate needs to be converted before it will work.
Resolution:
Use OpenSSL to convert the 3rd party certificate to the CryptoAPI format. The resulting CryptoAPI format will be accepted by Qlik Sense.
1.) Convert the certificate first from PFX in CNG format to PEM
openssl pkcs12 -in 3rdparty-cngformat.pfx -out 3rdparty.pem
2.) Convert it back from PEM to PFX getting PFX in CryptoAPI format
openssl pkcs12 -export -in 3rdparty.pem -out applytoSense.pfx
More information can be found here
https://docs.microsoft.com/en-us/windows/win32/seccertenroll/understanding-cryptographic-providers