Skip to main content
Announcements
Global Transformation Awards! Applications are now open. Submit Entry
cancel
Showing results for 
Search instead for 
Did you mean: 
bruno_martins_l
Partner - Creator
Partner - Creator

How configure Certificate in Qlik SENSE with IIS

Hello,

I have install Qlik SENSE server in my Windows Server, I have activate the licence and the LDAP Connector.

When I connect to the HUB it's works but I have a message of warning with the certificate, but my server have a certificat configure by IIS.

How I can configure the certificate in SENSE to don't have the Warning Error please ?

Kind regards,

Bruno

10 Replies
Not applicable

Bruno,

By default, Qlik Sense server creates its own self-signed certificates during install.  If you wish to change the server certificate used by the Qlik Sense server you will want to do the following:

1.  Your IIS server certificate needs to be issued from a trusted certificate authority and include the private key.

2.  Import this certificate into the local machine\personal certificate store through the MMC on the Qlik Sense server.

3.  Open the certificate and make note of the thumbprint for the certificate.

4.  Open the Qlik Sense server QMC and click on the Proxies item in the Configure System section of the left-side menu.

5.  Open the Central proxy and click on the Security list item on the right side of the screen.  The Security thumbprint text box will appear.

6.  Enter the thumbprint of the certificate without spaces to be safe and click Apply.

7.  The QMC will prompt for restart.

Here is the reference from help.qlik.com: http://help.qlik.com/sense/en-US/online/#../Subsystems/ManagementConsole/Content/ServerUserGuide/SUG...

If you add a certificate thumbprint from a certificate without a private key the thumbprint entry will not work.  If you run into problems after applying the thumbprint, I think you can go back to default settings by deleting the certificate from the MMC and stop and start the Qlik Proxy Service.  Some admins prefer to turn on http in Qlik Sense Central proxy temporarily to test https functionality with the updated thumbprint.  That way if something goes awry you have a back up entry method during testing.

jg

bruno_martins_l
Partner - Creator
Partner - Creator
Author

Hi,

Thanks for your answer, it's works for my PROD Server but not for my DEV Server node (they have one certificat each). I have configured each proxy (DEV, PROD) with the good certificate.

I have this error for the DEV server :

DO you have any idea ?

Kind regards,

Bruno

Not applicable

So if you have two proxy nodes, one for prod and one for dev, put the prod cert thumbprint in the prod proxy and the dev cert thumbprint in the dev proxy.  The next thing you will probably have to do is create virtual proxies (one for prod and one for dev) and then link each one to its respective proxy.  When you connect to Qlik Sense you will go to https://SenseHost/virtualProxy/hub.  For example, if your sense host is sense11, you would go to https://sense11/prod/hub for the production hub and https://sense11/dev/hub for the dev environment.

jg

bruno_martins_l
Partner - Creator
Partner - Creator
Author

you have two proxy nodes, one for prod and one for dev, put the prod cert thumbprint in the prod proxy and the dev cert thumbprint in the dev proxy.

-> OK


I don't understand why I Need to configure two virtual proxys ?I have two URL different for PROD and DEV. The PROD works fine, and for the DEV, the QMC works fine but not the HUB.




Not applicable

Ok, I misunderstood. The first step may resolve your issue then.  Another option is to get a wildcard certificate and use that in place of the separate prod and dev certs.

jg

bruno_martins_l
Partner - Creator
Partner - Creator
Author

I have already configure the proxy of the two servers with the two certificates but it's not resolve my issue

Not applicable

Bruno, so basically your communication to the Qlik Sense server needs to go through the IIS server in order for it to be trusted.  Or you can apply the QlikClient certificate to the local client computer you are accessing Qlik Sense from.

Here is a document I wrote regarding mashups with IIS, but you may be able to use part of it to manage the communication between your IIS server and Qlik Sense server if the intent is to trust communication between the two environments.

If the purpose of the IIS based cert is not to trust communication between the IIS and Qlik Sense server I recommend going back to using the self-signed certificate and importing the QlikClient cert on your local.  This will make the cert trust messages go away.

The only thing I can think of right now is your cert does not have a private key OR when you access Qlik Sense using your IIS cert you are not typing in the matching hostname for the certificate.

Here is the link to the document: Embedding Qlik Sense content into an IIS Website on Different Servers

Not applicable

hello

which one to install as a webservice in a windows 2012 R2 machine,  IIS or the one that Qlik offers

Regards

fmarvnnt
Partner - Creator III
Partner - Creator III

The Link is no more valid.