Deploying Database Encryption and Encrypting micro... - Qlik Community

QlikMaster1 · ‎2023-01-19

Hi,

We have managed to successfully deploy Database Encryption and Encrypting the micro services that run under Service Dispatcher fine using these articles on single node installs, but need advice for our multi node (production install) :

https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-on-Windows-Setup-Database-Traffic...

https://help.qlik.com/en-US/sense-admin/November2022/Subsystems/DeployAdministerQSE/Content/Sense_De...

Now we are moving to November 2022 patch 3 having deployed it successfully in our Non Prod environment that are both single nodes, but our production is a 6 box multi node.

The articles seem lacking in advising when deploying to Postgres standalone boxes the server.pem and server_key.pem files, if these should be the central node files, as looking at Postgres it will only read on set of server certs, so this would make sense and then these server.pem and server_key.pem files from the central node, would need to be copied to the rim nodes and replace .Local variants for the microservices and qlik to be able to read them.

I don't believe the root or client certificates would need to change for the rim nodes just the server.pem and server_key.pem that would come from Central.

The only time this would change is when a failover occurred and the server.pem and server_key.pem would need to replace the central version on :

* 2 x Postgres boxes

* 5 - Rim nodes

Then changed back when failed back.

Is this correct ? or am I missing something as like I say the documentation is lacking in this regard.

Thanks

Deploying Database Encryption and Encrypting micro services running under Service Dispatcher

Client Managed