Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
Gysbert_Wassenaar

wrong ssl certificate used for login page

Hello,

I have qlik sense server that's configured with a 3rd party ssl certificate. After logging in that certificate is used and the browser is happy with the trustworthy certificate.

However when logging in the form login page (https://server.domain.com:4244/form/?targetId=xyz....etc‌) uses the self-signed certificatate instead of the proper certificate. This is not nice, because now users see warnings in the browser that this an insecure site.

On another site everything works correctly and I don't see differences in how the proxy and virtual proxies are configured. Any help and hints are appreciated.


talk is cheap, supply exceeds demand
1 Solution

Accepted Solutions
simon_minifie
Partner - Creator III
Partner - Creator III

Ok, have you tried removing that binding and applying the signed certificate to it?

View solution in original post

13 Replies
kaushiknsolanki
Partner Ambassador/MVP
Partner Ambassador/MVP

Hi,

Not sure but couple of checks.

1. DNS entry.

2. Host name mapping defined in hosts file of windows server.

Regards,

Kaushik Solanki

Please remember to hit the 'Like' button and for helpful answers and resolutions, click on the 'Accept As Solution' button. Cheers!
Gysbert_Wassenaar
Author

Nope, that's not it. The domain name is fine. It's only on the login page that Qlik Sense uses its own self-signed certificate. Thanks anyway.


talk is cheap, supply exceeds demand
kaushiknsolanki
Partner Ambassador/MVP
Partner Ambassador/MVP

What I understand is when a request is made from browser to Qlik Sense, it checks for the Proxy SSL certificate if it is not available or access is not allowed then it will use the self signed certificate.

What you think on this.

If this is the case then Help site says below.

When editing a proxy certificate as a user without admin privileges, you need to run the repository in bootstrap mode before the changes take effect.


Regards,

Kaushik Solanki

Please remember to hit the 'Like' button and for helpful answers and resolutions, click on the 'Accept As Solution' button. Cheers!
Gysbert_Wassenaar
Author

Yeah ok. But the QS proxy does have access to the SSL certificate. After logging in it uses that certificate and the browser is happy. It's only on the login page that the self-signed certificate is used. It's like it uses the right certificate for port 443 but still uses the self-signed certificate for port 4244. And this does not happen on another QS site we have. There the self-signed certificate is never presented to the users browser.


talk is cheap, supply exceeds demand
simon_minifie
Partner - Creator III
Partner - Creator III

Hi Gysbert,

The SSL certificate is bound to port 443 which is why it's presented there.

If you want the same for the form login page, you will also need to bind it to 4244. You are specifying the port number in the URL, so you can't expect it to use the certificate bound to port 443.

best regards,

Simon

Gysbert_Wassenaar
Author

So why does it work on my other qlik sense site?


talk is cheap, supply exceeds demand
simon_minifie
Partner - Creator III
Partner - Creator III

Actually, that's a very good point. It should automatically bind to both ports.

Open up a command prompt on the server and have a look at the 'netsh http show sslcert'

The same certificate hash should be bound to 443 and 4244

Gysbert_Wassenaar
Author

That's what I thought. But I when I checked the the self-signed certificate was (and is) bound to port 4244.


talk is cheap, supply exceeds demand
simon_minifie
Partner - Creator III
Partner - Creator III

Ok, have you tried removing that binding and applying the signed certificate to it?