millnet-maho
Partner - Contributor III

Generated root certificate is not a valid CA certificate

It appears that the internal CA root certificate (subject: CN=server-name-CA, which is used for internal authentication even if a different certificate is used for port 443) is not a valid CA, because it lacks the CA flag (the X509v3 Basic Constraints extension). It's obviously possible to install as a trusted root CA in Windows' certificate store, but other software refuses to recognize certificates signed by it as valid, even if you tell such software to trust it.

Is this a known bug? Is it possible to replace the root certificate with a manually constructed one? Will Qlik Sense use it as long as it has the right subject and the private key is available or if the thumbprint is updated in some obscure place (more obscure than the thumbprint for the public web interface certificate)? Or has it even been fixed recently (but certificates will still have to be replaced in that case)?

10 Replies
Anonymous
Not applicable

As you can see, the fix for this is in a recent release (June 2019), but the problem can occur as far back as the releases in 2017. The reasons I've found vary. For example, a recent client reported they upgraded their JDK from 1.7 to 1.8. Then this popped up. There may be other reasons as well, but we do not document them.

Eddie
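
The check the original question describes (is the X509v3 Basic Constraints extension present with CA:TRUE?) can be reproduced with the `openssl` command line. This is an added example, not part of the thread and not a Qlik procedure; the config, file names and the two throwaway test roots are constructed, and it assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example: detect a root certificate that lacks the CA flag.
# All file names and the config below are constructed for this demo.
set -e
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Minimal config: no default x509_extensions, so nothing is added unless asked.
cat > "$workdir/min.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = server-name-CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

# make_root NAME [extra "openssl req" options]: short-lived self-signed test root.
make_root() {
  name=$1; shift
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -config "$workdir/min.cnf" \
    -keyout "$workdir/$name.key" -out "$workdir/$name.pem" "$@" 2>/dev/null
}

# is_ca FILE: succeeds only if Basic Constraints is present and says CA:TRUE.
is_ca() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

make_root noflag                      # like the certificate in the question
make_root flagged -extensions v3_ca   # same subject, CA flag set

for name in noflag flagged; do
  if is_ca "$workdir/$name.pem"; then
    echo "$name.pem: CA:TRUE present"
  else
    echo "$name.pem: no CA flag; software that enforces Basic Constraints rejects it as an issuer"
  fi
done
```

To check the real root, export it from the Windows certificate store in Base-64 (PEM) form and pass that file to `is_ca`.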