Hi,

@David_Friend, I just took a look on the document you shared. In step 7, it is asked to delete the QlikClient certificate.

But, as explained previously, I don't have access to that certificate from my script (as it is launched with another user account than the account used by Qlik).

Please advice,

Thanks very much.

I think its simpler to just re-create them, but want to hear from others on the best strategy. @Nick_Asilo or @Mike_Dickson ?

@Keryss the backup of the certificates is a useful step when you are restoring to a server with the same hostname, so either restoring to the same server or to a different server that has been given the same FQDN for the purpose of the migration.

However, when you migrate to a new server with a different hostname you are forced to recreate the certificates since the certificates are tied to the central node's hostname. This means recreating the certificate as mentioned by @David_Friend 

Note that the password for data connections are encrypted using the certificate so if you recreate the certificate you have to manually re-enter the username and password into the data connections to have them inserted into the DB with the correct encryption.

See the following documentation:
Restoring a Qlik Sense site to a machine with a different hostname 
Qlik Sense Enterprise on Windows: Change hostname (and certificates) after an installation 

Hi, 

Thanks for your reply.

Sorry, but I don't understand.

In my case, I will restore in two different cases :

Case 1 : On a server with the same hostname. Every night, I do a full backup of Qlik Site from that server. And if, for some reason, the VM crashes, the "Disaster recovery" process will delete the VM and re-created from scratch, with same hostname. Then, Qlik is installed (fresh installed from scratch), and finally we need to restore the backup done before the crash.

In this case, do we need old certificates ?

Case 2 : On a server with different hostname. In this case, on that VM, Qlik is already installed on the machine and correctly works. All we need is to restore a backup from another VM (For example to migrate PROD Qlik site to UAT Qlik Site).

In this case, do we need old certificates ?

Thanks

@Keryss my comment above addresses both but its content is more directly gear for case 2.

"when you migrate to a new server with a different hostname you are forced to recreate the certificates since the certificates are tied to the central node's hostname. This means recreating the certificate as mentioned by @David_Friend"

In the scenario of Case 1 then yes backing up the old certificates is ideal

"the backup of the certificates is a useful step when you are restoring to a server with the same hostname"

However, due to the limitations you mentioned previously, you are unable to automate backing up the Service Account personal certificates. I advise manually exporting and backing up the certificates as these change very infrequently, when you manually recreate the certificates for troubleshooting, when you migrate to a new server or change the hostname, and very infrequently for certain upgrades.

So unlike the DB which will require frequent backing up as part of a DR plan, the certs are fairly static and do not require frequent backing up and can be done manually without it being a difficult task.