QV User Manager (for SSL)

    This is a version of Stefan Bäckstrand's QV User Manager 11 (v1.0.1) from the Power Tools 1.2 for QlikView that supports QlikView Server installations configured to communicate with SSL/Certificates.

     

    You'll need to download the version attached. Doing the described changes to the exe.config in the original version from the Power Tools pack will not work.

     

    Thanks to Stefan for a great utility pack. All feedback on the application itself should be directed towards him.

     

    Requirements

     

    Two things needs to be in place for this to work:

     

    1. The user running the QV User Manager must be a member of the "QlikView Management API" group on the server where the QMC is installed. This group is not created upon installation, and must be created manually. If the user is logged in while given membership to the group, the user needs to log out and back in for the membership to take effect.
    2. The SSL certificates exchanged upon installation/configuration of the environment must be exported using the user running the QlikView services, and imported using the user that is going to be running the QV User Manager. See description below. Thanks to Chris for the solution on how to do this Re: QMS API - Using Certificates.

     

    How to export/import SSL certificates

     

    To make a user able to successfully connect to the QMC API using the QV User Manager 11 the certificates needs to be exported from the user running the QV services, and imported to the user that is going to run the application.

     


    Step by step for Windows Server 2008 R2 (minor differences might be for other Windows versions):

     

    1. Log in as user running QlikView services
    2. Open Microsoft Management Console (Start -> Run -> mmc)
    3. Add Certificates Snap-in (File -> Add/Remove Snap-in -> Certificates -> Add...)
    4. In the dialog that pops up, choose "Computer Account". Click Next and Finish (with "Local Computer" selected). Click OK.
    5. Expand the tree view (Certificates -> Personal -> Certificates)
    6. In the Certificates folder, right-click the "QVProxy" certificate. All tasks -> Export...
    7. Click Next
    8. Choose "Yes, export the private key". Click Next.
    9. Click Next with default options.
    10. Fill in and confirm password (remember the password, you need it when importing). Click Next.
    11. Browse to set the filename for the exported file. Click Next.
    12. Click Finish.
    13. You are now done exporting
    14. Log in as the user that is going to connect to the QMS API.
    15. Open Microsoft Management Console (Start -> Run -> mmc)
    16. Add Certificates Snap-in (File -> Add/Remove Snap-in -> Certificates -> Add...)
    17. In the dialog that pops up, choose "My user account". Click Finish.
    18. Click OK.
    19. Expand the tree view (Certificates -> Personal -> Certificates)
    20. Right click the "Certificates" folder - > All tasks -> Import...
    21. Click Next
    22. Browse for the exported file (change file type to *.pfx or "All Files"). Click Next.
    23. Type the password you set earlier. Click Next.
    24. Make sure that the Certificate store is set to "Personal". Click Next.
    25. Click Finish.

     

    Configuring the exe.config-file

     

    The only thing that needs to be changed to make the application work on your system is the HOSTNAME in the"endpoint"-part of the file. By default the certificates are issued using the hostname, and therefore the address in the config file must be the hostname of the server running the QMC (it has to match the server name that the SSL certificate is issued to).

    Using IP-address, loopback address, localhost or FQDN will not work, unless the certificate is issued using something else than hostname.

     

    <endpoint address="https://HOSTNAME:4799/QMS/Service" binding="wsHttpBinding"

                    bindingConfiguration="WSHttpBinding_IQMS" contract="QMSAPI.IQMS"

                    name="WSHttpBinding_IQMS" behaviorConfiguration="ServiceKeyEndpointBehavior"/>

     

    Resources

     

    QMS API Documentation - Version 11

     

     

     

    If anything is not working, please comment, and I will answer as soon as possible!

     

    -