Skip to main content

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
Welcome to Qlik Community! Check out our new navigation! FIND OUT MORE
cancel
Showing results for 
Search instead for 
Did you mean: 
dirk_fischer
Creator
Creator

Using a certificate from an internal CA for encryption of QVDs and apps

Hi community

 

we try to set up our QlikSense Installation with encryption for QVDs and applications.

 

IT security requests us to use a certificate from our internal CA. In order to get this certificate, we have to specify the purposes for which we want to use it. Up to now, we didn't find anything in the Knowledge  base telling us, which purposes are needed. If we follow the example from the Knowledge base, the self-signed certificate will have the "all purposes" property set.

Does anybody know, what purposes are needed for the encryption to work?

Some hints would be great. Thank you very much for your support.

 

Best regards

Dirk

5 Replies
Bastien_Laugiero

Hello!

Thank you for your question. I have just made a quick test in my environment and "Client Authentication" with "Server Authentication" seem to be sufficient intended purpose for the encryption to work.

Hope this helps!

Bastien Laugiero
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.
dirk_fischer
Creator
Creator
Author

Hello Bastien

thank you very much. We will then create a CA certificate, give it these purposes and try, if it works. I will let you know, if we are successful.

 

Best regards

 

Dirk

dirk_fischer
Creator
Creator
Author

Hello Bastien
we created the certificate with extended purpose Client Authentication and Server Authentication, but unfortunately it didn't work.

I add the error message we received as well as the property overview of the certificate. It would be great, if you had an idea, what's different between the certificate you used and what we used.
Best regards
Dirk

 

Bastien_Laugiero

Hi and thank you for the feedback.

Could you try to apply this article. This will generate a self signed certificate with only Server Authentication and Client authentication purpose.

If this works, then you will have a point of comparison with your own certificate. 

Hope this helps!

Bastien Laugiero
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.
dirk_fischer
Creator
Creator
Author

Dear Bastien

 

we tried to exactly this before I posted my question in the forum. After your feedback we created a certificate of the CA with extended key usage Client Authentication / Server Authentication and this created the error I posted yesterday.

Is there somewhere a description, what is causing this error message?

 

Can not open key sounds like there might be a problem caused by a password?

 

Best regatds

 

Dirk