Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Anonymous
Not applicable
‎2018-11-07 03:51 AM

Qlik Certificate Error

Hi,

i'm trying to get a ticket-id from the qlik api for severaly days now and it seems i can't get any further with this on my own..

so, i exportet the certificate as pem files from the qms and stored them locally.

Now i want to make a php/curl post request for getting a ticket. My code looks as follows.(quite similar to the example i found in the documentation)

$urlbase = "https://myserver:4243/qps/ticket";
$xrf = "0123456789abcdef";
$url = $urlbase . "?Xrfkey=".$xrf;
//Set up the required headers

$ch = curl_init($url);


$QRSCertfile = "mypathto\client.pem";
$QRSCertkeyfile = "mypathto\client_key.pem";
$QRsRoot = "SSL\croot.pem";

$headers = array(
   "UserId"=>"Administrator",
   "UserDirectory"=> "CENTRAL",
);

//Create Connection using Curl
$ch = curl_init($url);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $headers);
curl_setopt($ch, CURLOPT_SSLCERT, $QRSCertfile);
curl_setopt($ch, CURLOPT_SSLKEY, $QRSCertkeyfile);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_CERTINFO, 1);
$response = curl_exec($ch);
print_r([curl_getinfo($ch),$response]);



The response i get is a 403, with the following informations:


[http_code] => 403 [header_size] => 254

[request_size] => 204 [filetime] => -1

[ssl_verify_result] => 20

[redirect_count] => 0

[total_time] => 0.312

[namelookup_time] => 0.094

[connect_time] => 0.125

[pretransfer_time] => 0.281

[size_upload] => 263

[size_download] => 55 [speed_download] => 55

[speed_upload] => 263

[download_content_length] => -1

[upload_content_length] => 263

[starttransfer_time] => 0.281

[redirect_time] => 0

[certinfo] => Array ( [0] => Array ( [Subject] => CN = qlik-sense [Issuer] => CN = qlik-sense-CA [Version] => 2 [Serial Number] =>....


after serial number follows a lot of cryptic information, which is why i guess that the certificate is found and used..

the response body contains this information:


XSRF prevention check failed. Possible XSRF discovered. )


so, i would be really grateful if someone could tell me the reason for this issue.

Is there a need to give curl the other pem files (server,server_key,root) and how do i do this? Or is anything wrong with my xrf-syntax?

I googled a lot, but couldn't find a proper solution.


Thanks in advance



Edit:

I managed to find whats wrong with my XRF, had to mention it in the header. But the Certificate Problem isn't solved yet.


Edit2:

Added the root certificate to my cacert.pem, now i get ssl_verify_result 0 instead of twenty. But still responsecode 400. I

854 Views
0 Likes
0 Replies