QLIKSENSE SELF-SIGNED CERTIFICATE VULNERABILITY

SivenM2020 · ‎2020-11-17

Hi,

We have a few clients that has highlighted the self-signed certs as a security vulnerability.

We were told by QlikSupport (in the past), that there's no solution.

Has there been any further development on this?

Thanks,

Siven

rzenere_avvale · ‎2020-11-17

Hey @SivenM2020 ,

as far as I know, nothing changed.
However what I'm missing from your post is this: are you using self-signed certificates only for internal functions or also for browsing on the hub/qmc?
The first case cannot be changed as far as I know, but for browsing you can use a not-self signed certificate (which won't be provided by Qlik)

I hope this helps,
Riccardo

SivenM2020 · ‎2020-11-17

Hi Rzenere,

Its for internal comms/functions.

But this picks up as a vulnerability for local server, which is an issue for our clients.

Levi_Turner · ‎2020-11-18

It's generally not so much as a vulnerability as something which can be flagged. Can this behavior be changed? No.

As far as handling the exception, feel free to re-use this asset which I've used with customers. Broadly the certificates are randomly generated per site which eliminates the concern of hard-coded vendor certificates. This ultimately is what most organizations are concerned about and which Qlik Sense does not do.

Security

Self-signed Certificates

vulnerability