https://community.qlik.com/t5/Management-Governance/Guidance-on-Unverified-Insecure-SSH-Private-Key-flagged-by/m-p/2530957#M32226 <P>Is it same for the ".Local Certificates" folder ?</P> Tue, 16 Sep 2025 14:18:57 GMT fabdulazeez 2025-09-16T14:18:57Z https://community.qlik.com/t5/Management-Governance/Guidance-on-Unverified-Insecure-SSH-Private-Key-flagged-by/m-p/2530940#M32224 <P>Defender for Cloud has raised an alert: <STRONG>“Unverified insecure SSH Private Key.”</STRONG><BR />It appears to be pointing to the <STRONG>Exported Certificates</STRONG> folder created by Qlik Sense.</P><P>C:\ProgramData\Qlik\Sense\Repository\Exported Certificates</P><P>I would like to know:</P><OL><LI><P>How can we mitigate this alert?</P></LI><LI><P>Is it safe to delete all the folders within <EM>Exported Certificates including .Local</EM>?</P></LI><LI><P>What would be the impact on Qlik Sense services if these folders are deleted?</P></LI><LI><P>Is there an alternative approach (e.g., securing or relocating the keys) instead of deletion?</P></LI></OL><P>We have a single node Qlik sense Enterprise on Windows may 2025 version on azure VM.</P> Tue, 16 Sep 2025 12:34:28 GMT https://community.qlik.com/t5/Management-Governance/Guidance-on-Unverified-Insecure-SSH-Private-Key-flagged-by/m-p/2530940#M32224 fabdulazeez 2025-09-16T12:34:28Z https://community.qlik.com/t5/Management-Governance/Guidance-on-Unverified-Insecure-SSH-Private-Key-flagged-by/m-p/2530954#M32225 <P>Hi&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/10066">@fabdulazeez</a>&nbsp;,</P> <P>those certificates are not explicitly used by Qlik Sense Enterprise during its activity.</P> <P>They are just exports that are usually manually created by the administrators when needed for third party purposes (like API calls).<BR />See&nbsp;<A href="https://community.qlik.com/t5/Official-Support-Articles/Export-client-certificate-and-root-certificate-to-make-API-calls/ta-p/1715515" target="_blank" rel="noopener">https://community.qlik.com/t5/Official-Support-Articles/Export-client-certificate-and-root-certificate-to-make-API-calls/ta-p/1715515</A>&nbsp;and&nbsp;<A href="https://help.qlik.com/en-US/sense-admin/May2025/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/QSEoW/Administer_QSEoW/Managing_QSEoW/export-certificates.htm" target="_blank">https://help.qlik.com/en-US/sense-admin/May2025/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/QSEoW/Administer_QSEoW/Managing_QSEoW/export-certificates.htm</A></P> <P>Once the certificates have been properly reimported for use by third party tools or the user making the API calls, they can be deleted or stored in another safe location. They can also be re-exported to the same folder in any moment, if needed.</P> <P>I hope this clarifies it!<BR /><BR />Daniele</P> Tue, 16 Sep 2025 14:09:40 GMT https://community.qlik.com/t5/Management-Governance/Guidance-on-Unverified-Insecure-SSH-Private-Key-flagged-by/m-p/2530954#M32225 Daniele_Purrone 2025-09-16T14:09:40Z https://community.qlik.com/t5/Management-Governance/Guidance-on-Unverified-Insecure-SSH-Private-Key-flagged-by/m-p/2530957#M32226 <P>Is it same for the ".Local Certificates" folder ?</P> Tue, 16 Sep 2025 14:18:57 GMT https://community.qlik.com/t5/Management-Governance/Guidance-on-Unverified-Insecure-SSH-Private-Key-flagged-by/m-p/2530957#M32226 fabdulazeez 2025-09-16T14:18:57Z https://community.qlik.com/t5/Management-Governance/Guidance-on-Unverified-Insecure-SSH-Private-Key-flagged-by/m-p/2530966#M32227 <P>Yes. None of the certificates used in "<SPAN>Exported Certificates" are actively used.</SPAN></P> <P><SPAN>If you want to be safe, you can zip the folders and store them somewhere else.</SPAN></P> Tue, 16 Sep 2025 14:41:37 GMT https://community.qlik.com/t5/Management-Governance/Guidance-on-Unverified-Insecure-SSH-Private-Key-flagged-by/m-p/2530966#M32227 Daniele_Purrone 2025-09-16T14:41:37Z