Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
millnet-maho
Partner - Contributor III
Partner - Contributor III
‎2019-08-15 11:21 AM

Generated root certificate is not a valid CA certificate

It appears that the internal CA root certificate (subject: CN=server-name-CA, which is used for internal authentication even if a different certificate is used for port 443) is not a valid CA, because it lacks the CA flag (the X509v3 Basic Constraints extension). It's obviously possible to install as a trusted root CA in Windows' certificate store, but other software refuses to recognize certificates signed by it as valid, even if you tell such software to trust it.

Is this a known bug? Is it possible to replace the root certificate with a manually constructed one? Will Qlik Sense use it as long as it has the right subject and the private key is available or if the thumbprint is updated in some obscure place (more obscure than the thumbprint for the public web interface certificate)? Or has it even been fixed recently (but certificates will still have to be replaced in that case)?

Labels (1)
Labels
8,359 Views
0 Likes
10 Replies
Anonymous
Not applicable
‎2020-02-26 03:32 PM

In response to fabdulazeez

As you can see. The Fix for this is in  recent release (June 2019) but the problem can occur as far back as the releases in 2017. The reasons I've found vary. For example, a recent client reported they upgrade their JDK from 1.7 to 1.8. Then this popped up. There may be other reasons as well but we do not document them. 

 

Eddie

470 Views