topic Re: problem on embedded mode and REST call with .pfx certificates in Management & Governance

problem on embedded mode and REST call with .pfx certificates

robb183 — Thu, 07 Jul 2022 09:11:06 GMT

Hi everybody
after upgrade version from Sense cm November 2019 to Sense CM February 2022, in a multi node environment:
the access to the app by another application on embedded mode does not work.

The servers of 3' part use rest call to server qlik and using certificate client.pfx and server.pfx generated from Qlik Central node.

The rest call to app returns an error:

https: //qap.CUSTOMERNAME.com/single/? appid = 9a972d68-f5ad-49fa-aefe-ffc8dc143e4d & sheet = 31157b1f-5f6d-4d96-8e60-e70527f0835e & opt = currsel & select = clearall
here the token is missing

the rest procedure to get the ticket reports the error message:

" Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target "

Tips?

Thakyou

Roberto

@Anonymous @itsupport

Re: problem on embedded mode and REST call with .pfx certificates

Eugene_Sleator — Mon, 11 Jul 2022 13:24:01 GMT

hi @robb183 before you upgraded did you back up the SSL certificates?

Re: problem on embedded mode and REST call with .pfx certificates

robb183 — Mon, 11 Jul 2022 13:40:40 GMT

Hi @Eugene_Sleator yes, i made a backup copies.

During installation, the attached screen appeared.

Best regardes Robb

Re: problem on embedded mode and REST call with .pfx certificates

Eugene_Sleator — Mon, 11 Jul 2022 14:07:19 GMT

Hi @robb183 is this the only issue that you have since the upgrade. Is the site otherwise working as it should?

Re: problem on embedded mode and REST call with .pfx certificates

robb183 — Mon, 11 Jul 2022 14:33:41 GMT

Hi @Eugene_Sleator

No that's not the only problem I had during the update.

I solved this by replacing the new certificates generated by Qlik client.pfx on third-party servers from which end users log in in embedded mode.

I have posted here another problem

https://community.qlik.com/t5/Deployment-Management/No-new-entry-available-in-Virtual-Proxy-JWT-invalid-public-key/m-p/1953229#M22669

another problem whose solution I am not yet clear about: it concerns the addition of a new record in the allowed list of the virtual proxy service.

Virtul proxy jwt based with pem certificate generate from QMC.

The solution suggested in the post is not clear to me.

After the update the virtual proxy how to configure before the update works but does not allow to insert / add new addresses to the Allow list.

I cannot modify the virtual proxy because several third-party production servers are correctly configured and working with the current virtual proxy service, I need to add a new one in the Allow list but QMC does not accept new entry and reports the error indicated in the screenshot

Re: problem on embedded mode and REST call with .pfx certificates

Eugene_Sleator — Mon, 11 Jul 2022 15:02:48 GMT

Hi @robb183 at this point I would suggest that you open a support case as your logs will need to be reviewed.

Support