https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411689#M10974 <HTML><HEAD></HEAD><BODY><P>Nope, that's not it. The domain name is fine. It's only on the login page that Qlik Sense uses its own self-signed certificate. Thanks anyway.</P></BODY></HTML> Mon, 23 Oct 2017 07:25:33 GMT Gysbert_Wassenaar 2017-10-23T07:25:33Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411687#M10972 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I have qlik sense server that's configured with a 3rd party ssl certificate. <EM>After</EM> logging in that certificate is used and the browser is happy with the trustworthy certificate.</P><P></P><P>However<EM> when logging in</EM> the form login page (<A href="https://qliksense.hdn.nl:4244/form/?targetId=5" title="https://qliksense.hdn.nl:4244/form/?targetId=5">https://server.domain.com:4244/form/?targetId=xyz....etc</A>‌) uses the self-signed certificatate instead of the proper certificate. This is not nice, because now users see warnings in the browser that this an insecure site.</P><P></P><P>On another site everything works correctly and I don't see differences in how the proxy and virtual proxies are configured. Any help and hints are appreciated.</P></BODY></HTML> Mon, 23 Oct 2017 07:06:59 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411687#M10972 Gysbert_Wassenaar 2017-10-23T07:06:59Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411688#M10973 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Not sure but couple of checks.</P><P></P><P>1. DNS entry.</P><P>2. Host name mapping defined in hosts file of windows server.</P><P></P><P>Regards,</P><P>Kaushik Solanki</P></BODY></HTML> Mon, 23 Oct 2017 07:15:29 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411688#M10973 kaushiknsolanki 2017-10-23T07:15:29Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411689#M10974 <HTML><HEAD></HEAD><BODY><P>Nope, that's not it. The domain name is fine. It's only on the login page that Qlik Sense uses its own self-signed certificate. Thanks anyway.</P></BODY></HTML> Mon, 23 Oct 2017 07:25:33 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411689#M10974 Gysbert_Wassenaar 2017-10-23T07:25:33Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411690#M10975 <HTML><HEAD></HEAD><BODY><P>What I understand is when a request is made from browser to Qlik Sense, it checks for the Proxy SSL certificate if it is not available or access is not allowed then it will use the self signed certificate.</P><P></P><P>What you think on this.</P><P></P><P>If this is the case then Help site says below.</P><P><SPAN style="color: #0f0f0f; font-family: 'Open Sans', Arial, sans-serif; font-size: 14px; background-color: #f4f4f4;">When editing a proxy certificate as a user without admin privileges, you need to run the repository in bootstrap mode before the changes take effect.</SPAN></P><P><SPAN style="color: #0f0f0f; font-family: 'Open Sans', Arial, sans-serif; font-size: 14px; background-color: #f4f4f4;"><BR /></SPAN></P><P><SPAN style="color: #0f0f0f; font-family: 'Open Sans', Arial, sans-serif; font-size: 14px; background-color: #f4f4f4;">Regards,</SPAN></P><P><SPAN style="color: #0f0f0f; font-family: 'Open Sans', Arial, sans-serif; font-size: 14px; background-color: #f4f4f4;">Kaushik Solanki</SPAN></P></BODY></HTML> Mon, 23 Oct 2017 07:49:08 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411690#M10975 kaushiknsolanki 2017-10-23T07:49:08Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411691#M10976 <HTML><HEAD></HEAD><BODY><P>Yeah ok. But the QS proxy does have access to the SSL certificate. After logging in it uses that certificate and the browser is happy. It's only on the login page that the self-signed certificate is used. It's like it uses the right certificate for port 443 but still uses the self-signed certificate for port 4244. And this does not happen on another QS site we have. There the self-signed certificate is never presented to the users browser.</P></BODY></HTML> Mon, 23 Oct 2017 08:11:33 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411691#M10976 Gysbert_Wassenaar 2017-10-23T08:11:33Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411692#M10977 <HTML><HEAD></HEAD><BODY><P>Hi Gysbert,</P><P></P><P>The SSL certificate is bound to port 443 which is why it's presented there. </P><P>If you want the same for the form login page, you will also need to bind it to 4244. You are specifying the port number in the URL, so you can't expect it to use the certificate bound to port 443.</P><P></P><P>best regards,</P><P>Simon </P></BODY></HTML> Mon, 23 Oct 2017 08:38:08 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411692#M10977 simon_minifie 2017-10-23T08:38:08Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411693#M10978 <HTML><HEAD></HEAD><BODY><P>So why does it work on my other qlik sense site?</P></BODY></HTML> Mon, 23 Oct 2017 08:54:25 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411693#M10978 Gysbert_Wassenaar 2017-10-23T08:54:25Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411694#M10979 <HTML><HEAD></HEAD><BODY><P>Actually, that's a very good point. It should automatically bind to both ports.</P><P>Open up a command prompt on the server and have a look at the 'netsh http show sslcert' </P><P>The same certificate hash should be bound to 443 and 4244</P></BODY></HTML> Mon, 23 Oct 2017 09:09:01 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411694#M10979 simon_minifie 2017-10-23T09:09:01Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411695#M10980 <HTML><HEAD></HEAD><BODY><P>That's what I thought. But I when I checked the the self-signed certificate was (and is) bound to port 4244.</P></BODY></HTML> Mon, 23 Oct 2017 11:06:56 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411695#M10980 Gysbert_Wassenaar 2017-10-23T11:06:56Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411696#M10981 <HTML><HEAD></HEAD><BODY><P>Ok, have you tried removing that binding and applying the signed certificate to it? </P></BODY></HTML> Mon, 23 Oct 2017 11:22:33 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411696#M10981 simon_minifie 2017-10-23T11:22:33Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411697#M10982 <HTML><HEAD></HEAD><BODY><P>That seems to have done the trick. Thanks!</P><P></P><P>It would be nice to know why it was necessary, but if it keeps working I can live with it.</P></BODY></HTML> Mon, 23 Oct 2017 13:07:55 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411697#M10982 Gysbert_Wassenaar 2017-10-23T13:07:55Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411698#M10983 <HTML><HEAD></HEAD><BODY><P>Glad we got there <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> </P><P>Yes, is odd that it happened. I presume there was an error during the removal of the self-signed certificate. Would have been nice to see an error somewhere.</P><P></P><P>thanks,</P><P>Simon</P></BODY></HTML> Mon, 23 Oct 2017 14:57:23 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411698#M10983 simon_minifie 2017-10-23T14:57:23Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411699#M10984 <HTML><HEAD></HEAD><BODY><P>Yeah, that could be it. The self-signed certificate was replaced after I'd added the 3rd party certificate.</P><P></P><P>Thanks for the help!</P></BODY></HTML> Tue, 24 Oct 2017 05:55:21 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411699#M10984 Gysbert_Wassenaar 2017-10-24T05:55:21Z https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411700#M10985 <HTML><HEAD></HEAD><BODY><P>Thanks Simon,</P><P></P><P>the same issue happened to me and your post solved the issue.</P><P></P><P>Still many thanks,</P><P>Riccardo</P></BODY></HTML> Thu, 19 Apr 2018 13:40:38 GMT https://community.qlik.com/t5/Management-Governance/wrong-ssl-certificate-used-for-login-page/m-p/1411700#M10985 rzenere_avvale 2018-04-19T13:40:38Z