Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
robb183
Contributor III
Contributor III

problem on embedded mode and REST call with .pfx certificates

Hi everybody
after upgrade version from Sense cm November 2019 to Sense CM February 2022, in a multi node environment:
the access to the app by another application on embedded mode does not work.

The servers of 3' part use rest call to server qlik and using certificate client.pfx and server.pfx generated from Qlik Central node.

The rest call to app  returns an error:

https: //qap.CUSTOMERNAME.com/single/? appid = 9a972d68-f5ad-49fa-aefe-ffc8dc143e4d & sheet = 31157b1f-5f6d-4d96-8e60-e70527f0835e & opt = currsel & select = clearall 
here the token is missing

the rest procedure to get the ticket reports the error message:

" Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target "

Tips?

Thakyou

Roberto

 

 

@Anonymous @itsupport 

Labels (1)
5 Replies
Eugene_Sleator
Support
Support

hi @robb183  before you upgraded did you back up the SSL certificates? 

robb183
Contributor III
Contributor III
Author

Hi @Eugene_Sleator  yes, i made a backup copies.

During installation, the attached screen appeared.

robb183_1-1657546810417.png

 

 

Best regardes Robb

Eugene_Sleator
Support
Support

Hi @robb183  is this the only issue that you have since the upgrade. Is the site otherwise working as it should?  

robb183
Contributor III
Contributor III
Author

Hi @Eugene_Sleator 

No that's not the only problem I had during the update.

I solved this by replacing the new certificates generated by Qlik client.pfx on third-party servers from which end users log in in embedded mode.

I have posted here another problem

https://community.qlik.com/t5/Deployment-Management/No-new-entry-available-in-Virtual-Proxy-JWT-inva...

another problem whose solution I am not yet clear about: it concerns the addition of a new record in the allowed list of the virtual proxy service.

Virtul proxy jwt based with pem certificate generate from QMC.

The solution suggested in the post is not clear to me.

After the update the virtual proxy how to configure before the update works but does not allow to insert / add new addresses to the Allow list.

I cannot modify the virtual proxy because several third-party production servers are correctly configured and working with the current virtual proxy service, I need to add a new one in the Allow list but QMC does not accept new entry and reports the error indicated in the screenshot

 

Eugene_Sleator
Support
Support

Hi @robb183  at this point I would suggest that you open a support case as your logs will need to be reviewed. 

Support