Skip to main content
Announcements
Do More with Qlik - Qlik Cloud Analytics Recap and Getting Started, June 19: REGISTER
cancel
Showing results for 
Search instead for 
Did you mean: 
anthonymarical
Partner - Contributor
Partner - Contributor

Certificate SSL Qlik Sense does not work on the domain but works locally

Hi Qlik Community !

I have exactly the same problem as this guy :

https://community.qlik.com/t5/Qlik-Sense-Deployment-Management/Qlik-Sense-server-own-domain-SSL-cert...

Except that the post is very old, so Qlik Sense has evolved a lot and I'm in a Windows Server 2016 environnent.

What's crazy is that I put the digital fingerprint of my certificate in proxies settings, restarting the server machine/services and yet it still points to the self-signed certificate, so SSL works but only locally and not on my domain.

I'm using Qlik Sense Server version: 13.42.1 (September 2019)

On my other server that works well with SSL absolutely nothing changes between the two versions of Qlik Sense which is older (13.9.1 - February 2019).

So I wonder if it's not just a bug and I need to update Qlik or I missed something important?

Kind Regards,
Anthony.

Labels (4)
2 Solutions

Accepted Solutions
jaishree_Qlik
Partner - Contributor III
Partner - Contributor III

Would like to say my issue resolved by moving *.domain.com certificate to personal folder for local computer instead of Trusted Root Certificate Folder.

View solution in original post

Boris_I
Support
Support

Hi @jaishree_Qlik ,

When you import the certificate you need to be log on with the user running the Sense services and the certificate need to be store in the personal store.

https://community.qlik.com/t5/Official-Support-Articles/How-to-change-the-certificate-used-by-the-Ql... 

Regards

 

View solution in original post

5 Replies
jwjackso
Specialist III
Specialist III

Did you remove the spaces from the thumbprint, that is what worked for me. 

Are you using the fully qualified name that you registered with the SSL certificate.

In the mmc->Certificates (Local Computer)->Personal->Certificates, double-click your certificate.  Under the General tab verify that the certificate has a private key.  Under the Certification Path tab verify the status is ok 

anthonymarical
Partner - Contributor
Partner - Contributor
Author

I removed the spaces in the thumbprint and it doesn't change the problem (I restarted the services and even the server)

I do have the private key of the certificate to install in the MMC and when I trace the source of the certificate back to Digicert I have the "valid status" each time.

It looks like the server only takes into account the local self-signed certificate and not my certificate with an external certificate authority.

My certificate has for FQDN: *.mydomain.io

My first working server is called: app.mydomain.io

And the one that doesn't work is called: demo.mydomain.io

What I want is for the certificate to point to demo.mydomain.io when it currently points to the local machine name.

I have compared the "app" server with the "demo" server and there is no difference, except for the older Qlik version on "app" and the thumbprint which is different because I reissued the certificate for the "demo" server for more security.

jaishree_Qlik
Partner - Contributor III
Partner - Contributor III

Does this issue resolved as I am facing too same error with digicert. Everything is okay in terms of Thumbprint , enabling HTTPS , Service account as in Administrator and private key shared with Administrator Group. Its wild card so in mmc it is *.domain.com and in Qlik url its qlikanalytics .domain.com.

I did reinstallation of Qlik Sense with CNAME as qlikanalytics just to ensure to pickup name. But no luck !!

Appreciate valuable inputs.

jaishree_Qlik
Partner - Contributor III
Partner - Contributor III

Would like to say my issue resolved by moving *.domain.com certificate to personal folder for local computer instead of Trusted Root Certificate Folder.

Boris_I
Support
Support

Hi @jaishree_Qlik ,

When you import the certificate you need to be log on with the user running the Sense services and the certificate need to be store in the personal store.

https://community.qlik.com/t5/Official-Support-Articles/How-to-change-the-certificate-used-by-the-Ql... 

Regards