jjb427
Contributor II

Qlik Sense still using default certificate rather than SSL certificate (Couldn't find a valid ssl certificate with thumbprint)

Hello, we recently deployed Qlik Sense on a Windows EC2 instance, and we are trying to replace the default AWS certificate with a self-signed cert. To do so we took the following steps:

  1. Generated an SSL cert (detailed steps below)
  2. Imported this cert to the MMC
    1. The fullchain cert is in the Personal store, the intermediate cert is in the Intermediate Certification Authorities store, and the root cert is in the Trusted Root Certification Authorities store.
  3. Gave the Qlik service user read access to the private key
  4. Verified the certificate status of the fullchain cert reads "This certificate is OK."
  5. Added the thumbprint of the cert to the central proxy in the QMC
  6. Added the domain to the host allowlist in the virtual proxy configuration
  7. Restarted the Qlik Sense services

We are able to access the Qlik Sense hub from the domain we configured, but we get an invalid certificate error, and it shows that it is using the default AWS certificate rather than the one we configured. The security proxy logs contain the error "Couldn't find a valid ssl certificate with thumbprint <thumbprint>", where the thumbprint is that of our SSL certificate, followed by "Reverting to default Qlik Sense SSLCertificate".


Searching around led us to this article, but as mentioned above, we've verified that the certs are in their proper stores.

Any assistance would be appreciated, thanks!

 

Detailed steps about how the cert was generated:

  1. Followed these instructions to set up CertBot on Windows
    1. Certificate is saved at: C:\Certbot\live\my-domain\fullchain.pem
    2. Key is saved at: C:\Certbot\live\my-domain\privkey.pem
  2. Installed Git for Windows to get OpenSSL
  3. Converted the fullchain1.pem cert chain to a .crt file
    1. ```openssl x509 -in C:\Certbot\archive\my-domain\fullchain1.pem -out C:\Certbot\archive\my-domain\fullchain1.crt```
  4. Converted just the root CA cert to a .crt file
    1. ```openssl x509 -in C:\Certbot\archive\my-domain\cert1.pem -out C:\Certbot\archive\my-domain\cert1.crt```
  5. Generated a PKCS12 file containing the full chain, private key, and root cert
    1. ```openssl pkcs12 -export -out fullchain1.pfx -inkey C:\Certbot\archive\my-domain\privkey1.pem -in C:\Certbot\archive\my-domain\fullchain1.crt -certfile C:\Certbot\archive\my-domain\cert1.crt```

Accepted Solutions
Maria_Halley
Support

@jjb427 

CNG certificate support is not fully implemented, while CryptoAPI is fully supported. So the certificate needs to be converted before it will work.

See the article below:

https://community.qlik.com/t5/Official-Support-Articles/3rd-party-certificate-shows-Current-version-...
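
The accepted answer says a CNG-backed certificate has to be converted to CryptoAPI before the proxy will accept it. The PowerShell script below is an added example, not part of the thread or of the linked Qlik article: it reports which provider holds the private key for a given thumbprint and, when given the PFX, re-imports it into a CryptoAPI provider with `certutil`. The parameter names, the target provider name, and the English `Provider =` label in `certutil` output are assumptions.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,  # thumbprint entered in the QMC proxy settings
    [string] $PfxPath,                            # optional: PFX to re-import, e.g. fullchain1.pfx
    # Assumed CryptoAPI target provider; adjust if your environment requires another CSP.
    [string] $Csp = 'Microsoft RSA SChannel Cryptographic Provider'
)

# Normalise the thumbprint: drop spaces and any other non-hex characters.
$tp = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpper()

# The proxy certificate must be in the machine's Personal store with its private key.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $tp
if (-not $cert) { throw "No certificate with thumbprint $tp in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $tp has no private key attached" }

# certutil prints the provider that stores the key (label assumes English-language Windows).
$dump  = certutil -store My $tp
$match = $dump | Select-String -Pattern '^\s*Provider = (.+)$' | Select-Object -First 1
if (-not $match) { throw "certutil did not report a key provider for $tp" }
$provider = $match.Matches[0].Groups[1].Value.Trim()

# Heuristic: CNG providers are named "... Key Storage Provider";
# CryptoAPI providers are named "... Cryptographic Provider".
$isCng = $provider -like '*Key Storage Provider*'

"Thumbprint : $tp"
"Subject    : $($cert.Subject)"
"Provider   : $provider"
"Key type   : $(if ($isCng) { 'CNG' } else { 'CryptoAPI (CSP)' })"

if ($isCng -and $PfxPath) {
    # Re-import the same PFX, asking certutil to store the key in a CryptoAPI CSP.
    # -f overwrites the existing store entry; certutil prompts for the PFX password.
    certutil -f -csp $Csp -importpfx $PfxPath
    if ($LASTEXITCODE -ne 0) { throw "certutil -importpfx failed with exit code $LASTEXITCODE" }
    "Re-imported $PfxPath. Run this script again to confirm the provider changed."
}
elseif ($isCng) {
    "Key is CNG-backed. Pass -PfxPath to re-import it into '$Csp'."
}
```

After a re-import, the service account's read access to the private key (step 3 in the question) has to be granted again, because the key now lives in a different container.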

 
