https://community.qlik.com/t5/Management-Governance/QlikServiceCluster-Certificate-in-Single-Node-Environment/m-p/2533742#M32307 <P class="">Hello Qlik Community,</P><P class="">We have a customer running Qlik Sense Enterprise on Windows&nbsp;in a single-node environment without app distribution. They are experiencing issues with their internal security scans, which flag the self-signed certificates generated by Qlik Sense, i.e. the QlikServiceCluster certificate and self-signed certificate for the server.</P><P class="">Their security policy only allows certificates that are either:</P><UL><LI>Signed by their internal CA, or</LI><LI>Signed by a globally trusted CA</LI></UL><P class="">Our questions:</P><OL><LI><STRONG>Is the QlikServiceCluster certificate actually required in a single-node setup without app distribution?</STRONG> Since there's no multi-node communication or cluster functionality being used, we're wondering if this certificate serves any purpose in this scenario.</LI><LI><STRONG>Can we safely remove or replace the QlikServiceCluster certificate</STRONG> without breaking the Qlik Sense installation or causing issues with services?</LI><LI><STRONG>What is the officially recommended approach</STRONG> for customers who have strict certificate policies and cannot use self-signed certificates for internal communication?</LI><LI><STRONG>Are there any configuration options or best practices</STRONG> to handle this situation while maintaining full supportability?</LI></OL><P class="">We understand that replacing proxy certificates for HTTPS is straightforward via QMC, but we're specifically concerned about the internal service communication certificates.</P><P class="">Any guidance from Qlik or the community would be greatly appreciated!</P><P class=""><STRONG>Environment details:</STRONG></P><UL><LI>Qlik Sense Enterprise on Windows<UL><LI>May 2024</LI></UL></LI><LI>Single-node installation</LI><LI>No app distribution configured</LI></UL><P class="">Thank you in advance for your help!</P> Fri, 17 Oct 2025 13:38:26 GMT SBr 2025-10-17T13:38:26Z https://community.qlik.com/t5/Management-Governance/QlikServiceCluster-Certificate-in-Single-Node-Environment/m-p/2533742#M32307 <P class="">Hello Qlik Community,</P><P class="">We have a customer running Qlik Sense Enterprise on Windows&nbsp;in a single-node environment without app distribution. They are experiencing issues with their internal security scans, which flag the self-signed certificates generated by Qlik Sense, i.e. the QlikServiceCluster certificate and self-signed certificate for the server.</P><P class="">Their security policy only allows certificates that are either:</P><UL><LI>Signed by their internal CA, or</LI><LI>Signed by a globally trusted CA</LI></UL><P class="">Our questions:</P><OL><LI><STRONG>Is the QlikServiceCluster certificate actually required in a single-node setup without app distribution?</STRONG> Since there's no multi-node communication or cluster functionality being used, we're wondering if this certificate serves any purpose in this scenario.</LI><LI><STRONG>Can we safely remove or replace the QlikServiceCluster certificate</STRONG> without breaking the Qlik Sense installation or causing issues with services?</LI><LI><STRONG>What is the officially recommended approach</STRONG> for customers who have strict certificate policies and cannot use self-signed certificates for internal communication?</LI><LI><STRONG>Are there any configuration options or best practices</STRONG> to handle this situation while maintaining full supportability?</LI></OL><P class="">We understand that replacing proxy certificates for HTTPS is straightforward via QMC, but we're specifically concerned about the internal service communication certificates.</P><P class="">Any guidance from Qlik or the community would be greatly appreciated!</P><P class=""><STRONG>Environment details:</STRONG></P><UL><LI>Qlik Sense Enterprise on Windows<UL><LI>May 2024</LI></UL></LI><LI>Single-node installation</LI><LI>No app distribution configured</LI></UL><P class="">Thank you in advance for your help!</P> Fri, 17 Oct 2025 13:38:26 GMT https://community.qlik.com/t5/Management-Governance/QlikServiceCluster-Certificate-in-Single-Node-Environment/m-p/2533742#M32307 SBr 2025-10-17T13:38:26Z https://community.qlik.com/t5/Management-Governance/QlikServiceCluster-Certificate-in-Single-Node-Environment/m-p/2533743#M32308 <P>Hi,</P><P>I won't advise removing the self-signed cert. This is required for internal service communications (even on single node).</P><P>It gets used by the Qliksense services ONLY. (not remote/application access)</P><P>For application access (QMC/Hub), you can change/use a SSL cert.</P><P>But the self-sign cert has to remain.</P> Fri, 17 Oct 2025 13:45:04 GMT https://community.qlik.com/t5/Management-Governance/QlikServiceCluster-Certificate-in-Single-Node-Environment/m-p/2533743#M32308 SivenM2020 2025-10-17T13:45:04Z