Find Answers
Qlik Community
Collaborate with over 60,000 Qlik technologists and members around the world to get answers to your questions, and maximize success.
Join Us
Contact
Find Answers
Join Qlik Community
Collaborate with over 60,000 Qlik technologists and members around the world to get answers to your questions, and maximize success.
Join Us
Talk with a Representative
Critical Issues
Request assisted support for your highly complex issues.
Submit a CaseExperiencing a business critical service interruption? Click here to view phone numbers and hours by region.
Contact UsWelcome Guest
Installed Qlik Products
My Environments
Log your environments to ensure faster and more targeted troubleshooting.
View Available Licenses
My Licenses
Understand your licenses to help you maximize your experience.
Knowledge
How to: Change the Qlik Sense Proxy certificate if the service account does not have local administrative permissions
Article Number: 000037491 | Last Modified: 2020/02/10Description
If the Qlik Sense Services are not run with local administrative privileges, a few additional steps need to be carried out to be able to successfully change the SSL certificate used for the HUB and QMC, besides the steps under How to: Change the certificate used by the Qlik Sense Proxy to a custom third party certificate
Otherwise, the third party certificate may not be used by the Proxy after restart, and the Qlik Sense server reverts back to default. (use self-signed certificate)
No private key found for certificate
Couldn't find a valid ssl certificate with thumbprint
Reverting to default Qlik Sense SSLCertificate
...
Environment:
Otherwise, the third party certificate may not be used by the Proxy after restart, and the Qlik Sense server reverts back to default. (use self-signed certificate)
- Browsers will show an untrusted certificate.
- The Qlik Sense Proxy security log shows one or all of the following lines:
No private key found for certificate
Couldn't find a valid ssl certificate with thumbprint
Reverting to default Qlik Sense SSLCertificate
...
Environment:
- Qlik Sense Enterprise, all versions
Resolution
Perform these steps:
- Give access to the Private Key in the certificate store to the user running the services. See How to: Manage Certificate Private Key for details.
- Stop the Qlik Sense services except of the Qlik Sense Repository Database.
- Open an elevated command prompt and run repository.exe -bootstrap (If this is the central node, add the iscentral flag). Review the Qlik Online Help for details.
- Start Qlik Sense services.
Reviewing the Qlik Sense Proxy Security logs should now result in the certificate being properly used:
...
QlikServer1 Security.Proxy.Qlik.Sense.Common.Security.Cryptography.LoggingDigester DOMAIN\_service Setting crypto key for log file secure signing: success
QlikServer1 Security.Proxy.Qlik.Sense.Common.Security.Cryptography.SecretsKey DOMAIN\_service retrieving symmetric key from cert: success
QlikServer1 Security.Proxy.Qlik.Sense.Common.Security.Cryptography.CryptoKey DOMAIN\_service setting crypto key: success
QlikServer1 Security.Proxy.Qlik.Sense.Communication.Security.CertSetup 'CN=localhost' (08C871933A58E072FED7AD65E2DB6D5AD3EAF9FA) as SSL certificate presented to browser, which is a 3rd party SSL certificate
...
Get Answers
Find Answers
Get Support
Have a Question?
Search Qlik's Support Knowledge database or request assisted support for highly complex issues.
Submit a case
Talk with a Representative
Critical Issues
Experiencing a serious issue, please contact us by phone. View phone numbers and hours by region.