After a successful installation of Qlik Alerting following Qlik Alerting installation
steps, Installing the Qlik Sense Extension
, and then adding the extension object to an Qlik Sense app with the proper Qlik Alerting server information, the extension shows up blank in Internet Explorer (IE) or with the message "Could not retrieve user info. Check your extension settings or contact your administrator"
when using Google Chrome:
Chrome will output the following or similar in the Developer tools
Console logs: (also under Network tab the extension failure is registered)POST https://<Qlik Alerting server>:4552/api/users/extension net::ERR_CERT_AUTHORITY_INVALID
IE in the other hand will output the following or similar in the Developer tools
Console logs and not much under the Network tab (halts after loading the Qlik Alerting js file):SCRIPT1002: Syntax error
File: qlik-alerting.js, Line:9, Column: 42
SCRIPT5007: Unable to get property '__esModule'of Underfined or null reference
- Qlik Alerting, April 2020
- Qlik Sense Enterprise on Windows, April 2020
In order to use a HTTPS connection with the Qlik Alerting extension a proper certificate needs to be installed on the Qlik Sense clients' computers. Otherwise HTTP needs to be used as indicated in the Workaround(s) section.
! The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.
Replace the Qlik Alerting self-signed certificate with the certificate issued for the deployment in order to allow HTTPS connections. Otherwise, a certificate error is observed when connecting to the Qlik Alerting web console and API connections from the extension fails as described above. See Workaround
section below for an alternative.
There are at least the two methods for resolving the error above:I. Using the server.pem and server_key.pem files that were originally exported from Qlik Sense:
The easiest way to resolve the error above is to use the server certificate and private key that was originally exported from Qlik Sense.Note:
This may not be suitable for all production environments. It will not allow the extension to function from outside the Qlik Sense / Qlik Alerting local network. E.g: When an external FQDN / Alias / CNAME is used to access the Qlik Sense app that uses the Qlik Alerting extension.
1. Follow the steps documented under Using trusted SSL certificates with Qlik Alerting
and replace the mentioned server certificate files (server.pem
with the server certificates (not the client certs
) that were originally exported from Qlik Sense when going through the steps to configure the connection
between Qlik Alerting and Qlik Sense.
2. When configuring the extension, make sure to use the machine name that was used when exporting the certificate via the Qlik Management Console (QMC). This will be the "Issued To" field found in the certificates.
3. Make sure the Qlik Sense self-signed root CA certificate (root.pem / root.cer
) is installed on client computers (including the Qlik Alerting server) that require access to the web console and use of the Qlik Alerting extension in Qlik Sense apps. The certificate should be installed in the Trusted Root Certification Authorities
store.II. Another method is to replace the Qlik Alerting self-signed certificate with a certificate issued by a private or public CA for the deployment in order to allow HTTPS connections.
The following is an example of issuing an SSL certificate using TinyCert
. Please note that certificates issued by TinyCert.org are not considered to be "production ready" and should only be used for evaluation or testing. More information in TinyCert FAQ
1. Sign up for a free TinyCert account.
2. Create a Certificate Authority (CA) certificate. Using the defaults works fine.
3. Create a server certificate. Make sure to include all the host names used when accessing the Qlik Alerting server over https.
For example: The server machine name (hostname) may be sufficient in environments where clients are always on the same local network (LAN). However, an external FQDN (Alias, or CNAME records) for Qlik Alerting may be needed in the certificate's Subject Alternative Names
in order to allow the extension to work when Qlik Sense app are accessed from outside the LAN. Keep in mind the client using the Qlik Alerting extension in the Qlik Sense app makes the connection request directly to the Qlik Alerting server.
4. Download the CA Certificate
). This certificate will need to be installed on client computers that use the Qlik Alerting extension as well as accessing the web console (to eliminate the cert error).
5. Download the server Certificate
), and the Private key (clear)
Qlik Alerting does not support the option Private key (encrypted)
as it does not support passphrases.
6. Move the three files to the Qlik Alerting server and follow the steps documented under Using trusted SSL certificates with Qlik Alerting. Note:
- The cert.pem file above is the one that gets renamed to server.pem
- The key.dec.pem above is the one that gets renamed to server_key.pem
7. Import the CA Certificate
) on the Qlik Alerting server and on any needed client computer using the Certificates snap-in.
a. On the Qlik Alerting server right-click Start > Run > type mmc > enter
b. File > Add/Remove Snap-in > pick Certificates > Add > Computer account > OK > OK
c. Expand Certificates (Local Computer) > right-click the Trusted Root Certification Authorities store > All Tasks > Import > Next > Browse to the cacert.pem file > Open.
d. Click Next twice and Finish.
e. A Security Warning appears. Click Yes. Now the CA Certificate should show up in the Local Computer's Trusted Root Certificate Authorities store.
f. On needed client computers, perform the same steps. However, pick My User account under mmc > File > Add/Remove Snap-in. Note: An administrator can get this certificate installed on all necessary clients via domain policy as an alternative.
g. Then under Certificates - Current user, right-click the Trusted Root Certification Authorities store > All Tasks > Import > Next > Browse to the cacert.pem file > Open.
h. Click Next twice and Finish.
i. A Security Warning appears. Click Yes. Now the CA Certificate should show up in the specific user's Trusted Root Certificate Authorities store.
In use-cases where encryption of the traffic between the Qlik Sense client and Qlik Alerting is not a priority, communication via plain HTTP (unsecured) can also be used by unchecking the HTTPS option in the Extension configuration:
However, please note that in order for the above workaround to work the Qlik Sense app also needs to be accessed via plain HTTP (unsecured). Otherwise, the error reported above "Could not retrieve user info. Check your extension settings or contact your administrator"
will be displayed along with the other errors for the two browsers. In Google Chrome the following will be registered in Developer tools Console logs:Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint '<URL>'. This request has been blocked; the content must be served over HTTPS.