Apr 27, 2023 5:32:14 AM
Aug 24, 2017 4:29:39 AM
By default, Qlik Sense uses a self-signed certificate to enable HTTPS access across both the Hub and the Management Console. However, self-signed certificates cannot be validated or trusted by web browsers and tend to prompt a warning message.
To establish a secure HTTPS connection, the browser must trust the SSL/TLS certificate installed on the server. In the case of self-signed certificates, the signing Certificate Authority is not trusted, so no certificate generated by that CA is trusted either.
The steps to apply a third-party (and trusted) certificate can be found in: How to change the certificate used by the Qlik Sense Proxy to a custom third party certificate.
However, if your Service Account does not have administrative permissions, you will see the Proxy revert to the old certificate or otherwise fail to behave as expected.
These error messages may be seen in the Proxy Security log:
Certificate 'CN=<servername>' (2F66E692BBC9DCB5EF43853248A667EAD7CB27B2) is invalid because it was not signed correctly by 'CN=<servername>-CA'
or
Unkown error when accessing the private key for certificate
or
No private key found for certificate
or
Couldn't find a valid ssl certificate with thumbprint
or
Reverting to default Qlik Sense SSLCertificate
The Qlik Sense Proxy System log may register the following:
INFO <servername> System.Proxy.Proxy.Core.QPSMain 8 40e67960-d393-4881-a7c8-efafe089ef0f <serviceAccount> Settings has been updated but will not take effect until bootstrap mode has been run on the repository
The Qlik Sense Proxy Security logs should now show the certificate being properly used:
QlikServer1 Security.Proxy.Qlik.Sense.Common.Security.Cryptography.LoggingDigester DOMAIN\_service Setting crypto key for log file secure signing: success
QlikServer1 Security.Proxy.Qlik.Sense.Common.Security.Cryptography.SecretsKey DOMAIN\_service retrieving symmetric key from cert: success
QlikServer1 Security.Proxy.Qlik.Sense.Common.Security.Cryptography.CryptoKey DOMAIN\_service setting crypto key: success
QlikServer1 Security.Proxy.Qlik.Sense.Communication.Security.CertSetup 'CN=localhost' (08C871933A58E072FED7AD65E2DB6D5AD3EAF9FA) as SSL certificate presented to browser, which is a 3rd party SSL certificate
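An added example (not part of the original article and not Qlik code): a small Python triage that scans Proxy log lines for the messages quoted above and reports whether the Proxy fell back to the default certificate or is presenting the expected third-party one. The function names and status labels are assumptions, and the sample lines are constructed from the messages quoted in this article.

```python
import re
# Failure messages quoted in the article; spelling kept as the Proxy logs it.
FAILURES = (
    "is invalid because it was not signed correctly by",
    "Unkown error when accessing the private key for certificate",
    "No private key found for certificate",
    "Couldn't find a valid ssl certificate with thumbprint",
    "Reverting to default Qlik Sense SSLCertificate",
)
BOOTSTRAP = "will not take effect until bootstrap mode has been run"
PRESENTED = re.compile(
    r"'(CN=[^']*)' \(([0-9A-Fa-f]{40})\) as SSL certificate presented to browser(.*)")

def norm(thumbprint):
    """Keep hex digits only: pasted thumbprints often carry spaces or invisible characters."""
    return re.sub(r"[^0-9A-Fa-f]", "", thumbprint or "").upper()

def triage(lines, expected_thumbprint=None):
    """Walk log lines in order; the most recent certificate event decides the status."""
    r = {"status": "unknown", "failures": [], "bootstrap_pending": False,
         "subject": None, "thumbprint": None}
    for line in lines:
        hits = [f for f in FAILURES if f in line]
        if hits:
            r["failures"] += hits
            r["status"] = "failed"
        if BOOTSTRAP in line:
            r["bootstrap_pending"] = True
        m = PRESENTED.search(line)
        if m:
            r["subject"], r["thumbprint"] = m.group(1), norm(m.group(2))
            r["status"] = "third_party" if "3rd party" in m.group(3) else "presented"
            if expected_thumbprint and norm(expected_thumbprint) != r["thumbprint"]:
                r["status"] = "wrong_certificate"
    return r

# Constructed sample lines, modelled on the messages quoted in the article.
BROKEN = [
    "QlikServer1 Security.Proxy DOMAIN\\_service No private key found for certificate",
    "QlikServer1 Security.Proxy DOMAIN\\_service Reverting to default Qlik Sense SSLCertificate",
]
FIXED = BROKEN + [
    "QlikServer1 Security.Proxy.Qlik.Sense.Communication.Security.CertSetup 'CN=localhost' "
    "(08C871933A58E072FED7AD65E2DB6D5AD3EAF9FA) as SSL certificate presented to browser, "
    "which is a 3rd party SSL certificate",
]

if __name__ == "__main__":
    print(triage(BROKEN), triage(FIXED, "08C871933A58E072FED7AD65E2DB6D5AD3EAF9FA"), sep="\n")
```

Pass the thumbprint of the certificate you installed as `expected_thumbprint`; a `wrong_certificate` result means the Proxy is presenting a certificate other than the one you intended.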
Qlik Sense Enterprise on Windows, all versions