Clever_Anjos
Employee

Sense unable to locate an SSL certificate

I'm not able to make my Sense box use a valid SSL certificate.

Error message: Couldn't find a valid ssl certificate with thumbprint

Steps taken so far:

  • SSL certificate imported under MMC/Certificates/Local Computer/Personal

  • Proxy configured with the thumbprint
  • Proxy service restarted

Trace log

| Sequence# | Level | Logger | Thread | ServiceUser | Message |
|---|---|---|---|---|---|
| 1 | INFO | Security.Proxy.Qlik.Sense.Common.Security.Cryptography.LoggingDigester | 1 | WIN-8JETLOID025\qsapp | Setting crypto key for log file secure signing: success |
| 2 | INFO | Security.Proxy.Qlik.Sense.Common.Security.Cryptography.SecretsKey | 9 | WIN-8JETLOID025\qsapp | retrieving symmetric key from cert: success |
| 3 | INFO | Security.Proxy.Qlik.Sense.Common.Security.Cryptography.CryptoKey | 9 | WIN-8JETLOID025\qsapp | setting crypto key: success |
| 4 | WARN | Security.Proxy.Qlik.Sense.Communication.Security.CertSetup | 9 | WIN-8JETLOID025\qsapp | No private key found for certificate 'CN=sense.meubi.com.br, OU=PositiveSSL, OU=Domain Control Validated' (1F284854608E80E245D7B640849BB03FE819048F) |
| 5 | WARN | Security.Proxy.Qlik.Sense.Communication.Security.CertSetup | 9 | WIN-8JETLOID025\qsapp | Couldn't find a valid ssl certificate with thumbprint 1f 28 48 54 60 8e 80 e2 45 d7 b6 40 84 9b b0 3f e8 19 04 8f |
| 6 | WARN | Security.Proxy.Qlik.Sense.Communication.Security.CertSetup | 9 | WIN-8JETLOID025\qsapp | Reverting to default Qlik Sense SSLCertificate |
|  | INFO | Security.Proxy.Qlik.Sense.Communication.Security.CertSetup | 9 | WIN-8JETLOID025\qsapp | Set certificate 'CN=WIN-8JETLOID025' (047E90CF18BF749E1EF503E674C2B90960D04E51) as SSL certificate presented to browser |

1 Solution

Accepted Solutions
jaisoni_trp
Creator II

I would check a couple of things here:

a) Does the certificate have a private key, i.e. do you see a key icon on the certificate?

b) Double check if it's stored in the correct location.


8 Replies
jaisoni_trp
Creator II

Per Qlik:

The definition of an invalid certificate is as follows:

  • The operating system considers the certificate to be too old or the certificate chain is incorrect or incomplete.
  • The Qlik Sense certificate extension (OID “1.3.6.1.5.5.7.13.3”) is missing or does not reflect the location of the certificate:
    • Current User/Personal certificate location: Client
    • Local Machine/Personal certificate location: Server
    • Local Machine/Trusted Root certificate location: Root
    • Current User/Trusted Root certificate location: Root
  • The server, client, and root certificates on the central node do not have a private key that the operating system allows them to access.
  • The server and client certificates are not signed by the root certificate on the machine.
Clever_Anjos
Employee
Author

>>a) Does the certificate have a private key, i.e. do you see a key icon on the certificate?

Where should I find that icon?

jaisoni_trp
Creator II

In MMC on the certificate.

Clever_Anjos
Employee
Author

Here?

I don't have that icon.

Could you kindly guide me how to create/obtain it?


Clever_Anjos
Employee
Author

Closing the topic.

The certificate was issued without the private key.

Clever_Anjos
Employee
Author

a) Does the certificate have a private key, i.e. do you see a key icon on the certificate?

Morteza561
Contributor II

I had a weird problem with this error and I've finally resolved it!

This was what I was getting in Security_Proxy Log:


Current version of .NET does not support the private key algorithm for certificate

 

I've got my SSL from Let's Encrypt Certbot and the problem was (according to the documentation) the key file's encryption algorithm!

https://eff-certbot.readthedocs.io/en/stable/using.html

 

I came up with the idea of changing the algorithm by adding "--key-type rsa" to the end of my command and it worked like a charm!

Full command:

certbot certonly --manual --preferred-challenges=dns --email xxx@yyy.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d "*.example.com" --key-type rsa
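
The checks discussed in this thread (store location, private key, validity and chain, key algorithm) can be run from PowerShell. This is an added example, not part of the original posts or of Qlik's tooling; the function names are hypothetical, and it assumes Windows PowerShell 5.1 or later run on the proxy node.

```powershell
# Added example: inspect the certificate the proxy is configured to use.
# Function names are hypothetical; nothing here is a Qlik cmdlet.

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Raw)
    # Keep hex digits only. This drops the spaces seen in the proxy log
    # ("1f 28 48 ...") and the invisible U+200E mark that is often copied
    # along with the thumbprint from the MMC details pane.
    ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Get-ProxyCertificateStatus {
    param([Parameter(Mandatory)][string]$Thumbprint)

    $tp   = ConvertTo-CleanThumbprint -Raw $Thumbprint
    # Local Computer/Personal in MMC is Cert:\LocalMachine\My
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $tp }
    if (-not $cert) {
        return [pscustomobject]@{ Thumbprint = $tp; Found = $false }
    }

    # Build the chain against the machine's trust stores, without
    # going online for revocation data.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $now = Get-Date

    [pscustomobject]@{
        Thumbprint       = $tp
        Found            = $true
        Subject          = $cert.Subject
        HasPrivateKey    = $cert.HasPrivateKey               # the "key icon" in MMC
        KeyAlgorithm     = $cert.PublicKey.Oid.FriendlyName  # "RSA" or "ECC"
        InValidityPeriod = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        ChainBuilds      = $chainOk
        ChainStatus      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Thumbprint exactly as it appears in the trace log above
Get-ProxyCertificateStatus -Thumbprint '1f 28 48 54 60 8e 80 e2 45 d7 b6 40 84 9b b0 3f e8 19 04 8f'
```

HasPrivateKey only shows that a key is associated with the certificate; whether the Qlik service account is allowed to read it is a separate permission, set under Manage Private Keys in MMC. A KeyAlgorithm other than RSA is the situation the last post worked around by re-issuing with --key-type rsa.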