Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
dirk_fischer
Creator
Creator
‎2021-03-10 11:25 AM

Using a certificate from an internal CA for encryption of QVDs and apps

Hi community

 

we try to set up our QlikSense Installation with encryption for QVDs and applications.

 

IT security requests us to use a certificate from our internal CA. In order to get this certificate, we have to specify the purposes for which we want to use it. Up to now, we didn't find anything in the Knowledge  base telling us, which purposes are needed. If we follow the example from the Knowledge base, the self-signed certificate will have the "all purposes" property set.

Does anybody know, what purposes are needed for the encryption to work?

Some hints would be great. Thank you very much for your support.

 

Best regards

Dirk

737 Views
0 Likes
5 Replies
Bastien_Laugiero
Support
Support
‎2021-03-11 02:53 AM

Hello!

Thank you for your question. I have just made a quick test in my environment and "Client Authentication" with "Server Authentication" seem to be sufficient intended purpose for the encryption to work.

Hope this helps!

Bastien Laugiero
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.
698 Views
0 Likes
dirk_fischer
Creator
Creator
‎2021-03-11 09:57 AM
Author

Hello Bastien

thank you very much. We will then create a CA certificate, give it these purposes and try, if it works. I will let you know, if we are successful.

 

Best regards

 

Dirk

687 Views
0 Likes
dirk_fischer
Creator
Creator
‎2021-03-11 10:49 AM
Author

In response to Bastien_Laugiero

Hello Bastien
we created the certificate with extended purpose Client Authentication and Server Authentication, but unfortunately it didn't work.

I add the error message we received as well as the property overview of the certificate. It would be great, if you had an idea, what's different between the certificate you used and what we used.
Best regards
Dirk

 

Preview file
61 KB
Preview file
64 KB
685 Views
0 Likes
Bastien_Laugiero
Support
Support
‎2021-03-12 03:59 AM

Hi and thank you for the feedback.

Could you try to apply this article. This will generate a self signed certificate with only Server Authentication and Client authentication purpose.

If this works, then you will have a point of comparison with your own certificate. 

Hope this helps!

Bastien Laugiero
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.
676 Views
0 Likes
dirk_fischer
Creator
Creator
‎2021-03-12 04:15 AM
Author

In response to Bastien_Laugiero

Dear Bastien

 

we tried to exactly this before I posted my question in the forum. After your feedback we created a certificate of the CA with extended key usage Client Authentication / Server Authentication and this created the error I posted yesterday.

Is there somewhere a description, what is causing this error message?

 

Can not open key sounds like there might be a problem caused by a password?

 

Best regatds

 

Dirk

673 Views