article 3rd party certificate shows Current version of .NET cannot directly access private key for certificate CN=domain address in Official Support Articles https://community.qlik.com/t5/Official-Support-Articles/3rd-party-certificate-shows-Current-version-of-NET-cannot/ta-p/1711121 <P>The following can be seen after applying a 3rd party certificate:<BR /><BR />Warning message in the <SPAN style="font-family: Courier New,Courier,monospace;">*_Security_Proxy.*</SPAN>&nbsp;trace log:&nbsp;</P> <P><SPAN style="font-family: Courier New,Courier,monospace;">WARN ... Current version of .NET cannot directly access private key for certificate 'CN=domain address' (XXXXXXXXXXXXXX)</SPAN><BR /><BR />Users could see:</P> <P><SPAN style="font-family: Courier New,Courier,monospace;">Error 500: Internal Server Error</SPAN></P> <H4><BR /><BR />Environment:</H4> <DIV style="margin-left: 40px;"><LI-PRODUCT title="Qlik Sense Enterprise on Windows" id="qlikSenseEnterpriseWindows"></LI-PRODUCT>&nbsp;</DIV> <P>&nbsp;</P> <P>CNG certificate support is not fully implemented while CryptoAPI is fully supported. So the certificate needs to be converted before it will work.</P> <P>&nbsp;</P> <H3 class="qlik-migrated-tkb-headings">Resolution:</H3> <P><BR />Use OpenSSL to convert the 3rd party certificate to the CryptoAPI format. The resulting CryptoAPI format will be accepted by Qlik Sense.&nbsp;<BR /><BR />1.) Convert the certificate first from PFX in CNG format to PEM</P> <PRE class="ckeditor_codeblock"><SPAN style="font-family: Courier New,Courier,monospace;">openssl pkcs12 -in 3rdparty-cngformat.pfx -out 3rdparty.pem</SPAN></PRE> <P><BR />2.) Convert it back from PEM to PFX getting PFX in CryptoAPI format</P> <PRE class="ckeditor_codeblock"><SPAN style="font-family: Courier New,Courier,monospace;">openssl pkcs12 -export -in 3rdparty.pem -out applytoSense.pfx</SPAN></PRE> <P><BR />More information can be found here<BR /><A href="https://docs.microsoft.com/en-us/windows/win32/seccertenroll/understanding-cryptographic-providers" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/windows/win32/seccertenroll/understanding-cryptographic-providers</A><BR />&nbsp;</P> Mon, 05 Jul 2021 13:36:09 GMT Sebastian_Linser 2021-07-05T13:36:09Z 3rd party certificate shows Current version of .NET cannot directly access private key for certificate CN=domain address https://community.qlik.com/t5/Official-Support-Articles/3rd-party-certificate-shows-Current-version-of-NET-cannot/ta-p/1711121 <P>The following can be seen after applying a 3rd party certificate:<BR /><BR />Warning message in the <SPAN style="font-family: Courier New,Courier,monospace;">*_Security_Proxy.*</SPAN>&nbsp;trace log:&nbsp;</P> <P><SPAN style="font-family: Courier New,Courier,monospace;">WARN ... Current version of .NET cannot directly access private key for certificate 'CN=domain address' (XXXXXXXXXXXXXX)</SPAN><BR /><BR />Users could see:</P> <P><SPAN style="font-family: Courier New,Courier,monospace;">Error 500: Internal Server Error</SPAN></P> <H4><BR /><BR />Environment:</H4> <DIV style="margin-left: 40px;"><LI-PRODUCT title="Qlik Sense Enterprise on Windows" id="qlikSenseEnterpriseWindows"></LI-PRODUCT>&nbsp;</DIV> <P>&nbsp;</P> <P>CNG certificate support is not fully implemented while CryptoAPI is fully supported. So the certificate needs to be converted before it will work.</P> <P>&nbsp;</P> <H3 class="qlik-migrated-tkb-headings">Resolution:</H3> <P><BR />Use OpenSSL to convert the 3rd party certificate to the CryptoAPI format. The resulting CryptoAPI format will be accepted by Qlik Sense.&nbsp;<BR /><BR />1.) Convert the certificate first from PFX in CNG format to PEM</P> <PRE class="ckeditor_codeblock"><SPAN style="font-family: Courier New,Courier,monospace;">openssl pkcs12 -in 3rdparty-cngformat.pfx -out 3rdparty.pem</SPAN></PRE> <P><BR />2.) Convert it back from PEM to PFX getting PFX in CryptoAPI format</P> <PRE class="ckeditor_codeblock"><SPAN style="font-family: Courier New,Courier,monospace;">openssl pkcs12 -export -in 3rdparty.pem -out applytoSense.pfx</SPAN></PRE> <P><BR />More information can be found here<BR /><A href="https://docs.microsoft.com/en-us/windows/win32/seccertenroll/understanding-cryptographic-providers" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/windows/win32/seccertenroll/understanding-cryptographic-providers</A><BR />&nbsp;</P> Mon, 05 Jul 2021 13:36:09 GMT https://community.qlik.com/t5/Official-Support-Articles/3rd-party-certificate-shows-Current-version-of-NET-cannot/ta-p/1711121 Sebastian_Linser 2021-07-05T13:36:09Z