Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
hbandari3636
Contributor III
Contributor III

Certificate Issue for solving non secure site

Hi All,

We have migrated to a new server recently and so we had to migrate two certificates one issued through QMC named QlikClient issued by Old server domain-CA and other which is issued to the new server domain and Issued by Old server domain-CA. I have used IIs to request a CSR for the same through the process that was specified in the link below to solve the not secure site due to certificate invalid.

https://www.digicert.com/csr-creation-ssl-installation-iis-10.htm

But once I get back the signed certificate and I followed same procedure to install the signed certificate and I get a 500 error on the site. Following some links saying that this process should be done in MMC I tried to use the same response certificate to import into MMC->Local computer,etc. and tried to delete other two certificates and edited the proxy in QMC with the new certificates hash value. But once I have done that and restarted the QMC the site is not reacheable with the error ERR_CONNECTION_TIMED_OUT. Once I removed the new certificate and installed both old certificates the site is up again.

Can you let me know what wrong could I be doing in this process which is making this error and if we should be sending certificate for signing which certificate should we be using the certificate which is issued to new server domain or QlikClient certificate which is extracted from QMC in the old server.

Thanks in advance.

Regards,

Hemantha.

Labels (3)
1 Solution

Accepted Solutions
hbandari3636
Contributor III
Contributor III
Author

We have found a solution for this with the help of below link as it says we should not delete or replace any existing certificates but just place the new one and in bindings assign the new certificate to particular https site port.

 

https://community.qlik.com/t5/Qlik-Support-Updates-Blog/Qlik-Sense-Hub-and-QMC-with-a-custom-SSL-cer...

 

Thanks,

Hemantha.

View solution in original post

5 Replies
andoryuu
Creator III
Creator III

Just to confirm: when you say "edited the proxy in QMC with the new certificates hash value" you copied the thumbprint of the new certificate into all proxies that are used to access Qlik Sense and cycled the proxies, right?
The QlikClient certificate is not the one that you need. You have to have a signed certificate from your cert authority on your domain that is issuing a signed certificate, install that one, and copy over the thumbprint.
hbandari3636
Contributor III
Contributor III
Author

I have the certificate which was migrated from the old server and issued by old server and which is issued to new server. Do I send that certificate to the certificate authority and get it signed? or just get a certificate on the new domain name which is signed by CA.

Thanks,

Hemantha.

hbandari3636
Contributor III
Contributor III
Author

@andoryuu   Hi, 

Quick update I am able to upload the correct certificate and update the proxies with thumbprint value and restarted the services. The site works normally in Internet explorer but in Chrome it throws ERR_Common_name_invalid error and once I tried to clear cache and restart chrome it again shows the same not secure site error and once I click on continue it is directed to the site.  Do you think I have missed something to not make it work in chrome please?

Thanks in advance.

Regards,

Hemantha.

@Daniele_Purrone  Can you help me on this if you can please.

hbandari3636
Contributor III
Contributor III
Author

We have found a solution for this with the help of below link as it says we should not delete or replace any existing certificates but just place the new one and in bindings assign the new certificate to particular https site port.

 

https://community.qlik.com/t5/Qlik-Support-Updates-Blog/Qlik-Sense-Hub-and-QMC-with-a-custom-SSL-cer...

 

Thanks,

Hemantha.

halen04k
Contributor
Contributor

I have solved my issue by disabling SSL / TLS protocol filtering in third party antivirus software settings.