Skip to main content

Qlik Community

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
Action-Packed Learning Awaits! QlikWorld 2023. April 17 - 20 in Las Vegas: REGISTER NOW
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
hsv_vijay
Partner - Contributor
Partner - Contributor
‎2020-07-15 07:19 AM

Qlik sense - SSL certificate installation

Hi,

Need help in installing the SSL certificate installation on a Qlik sense server.

Ex:

1. We have a domain <abc.com>. Qlik server  is installed on an AWS EC2 instance with hostname as "qlikserver". So, my server would be "qlikserver.abc.com".

2. The users will be able to access the hub using "https://qserv.abc.com/hub". The name "qserv" is mapped to "qlikserver" (DNS mapping)

Here, my doubt is that if the CSR (Certificate signing request) is generated to "qserv.abc.com" and in turn the certificate is generated on this  name. Will the users be able to use the previous link without any issues (meaning, without any warning message while connecting to hub).

Please suggest if this is the correct way or am I missing anything here

Note: I am aware of the Warning message which we get while the SSL certificates are not installed.

Thanks in Advance

532 Views
0 Likes
2 Replies
Levi_Turner
Employee
Employee
‎2020-07-15 08:56 AM

Modern web browsers validate whether a SSL certificate is "valid" by using a number of factors, but for this purpose the primary one is the DNS Name elements(s) in the Subject Alternative Name attribute. Let's take this certificate which was presented on www.google.com:

123.png

 

This same certificate would be considered valid on example.google.com and example.android.com. There are a ton of those for that certificate, but this points to the ultimate route you'll want to take. With the DNS Name attribute, if you want coverage for server.company.com and alias.company.com then you'd want to have each of those listed as DNS Names in the CSR. Alternatively you may be able to request a wildcard certificate (*.company.com) which will accomplish the same goal. Wildcard certificates can be frowned upon by many organizations, so inquire with the CA you're working with whether that request would be considered acceptable.

508 Views
0 Likes
hsv_vijay
Partner - Contributor
Partner - Contributor
‎2020-07-23 10:23 AM
Author

In response to Levi_Turner

Hi,

Thanks for the reply. I will try it and update on the same thread

 

Regards,
Sai

471 Views
0 Likes