Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
acarrera
Partner - Contributor II
Partner - Contributor II

Certificate not trusted for remote users

Hi,

I have recently updated a Qlik Sense server environment to May 2021. I have backed up the certificates prior to installation, and I have imported them back in, but users are getting a message that the certs are not valid on their browsers. On the local machine, the cert is trusted, but on remote connections, it is not. All certs have private keys and I used the service account when working in MMC. When I look at the thumbprint on the remote browser, I don't recognize it.

 

Qlik articles recommend exporting all certificates, but the proxy is only asking for one thumbprint. There's four "categories" on MMC:

  1. Current User Personal,
  2. Current User Trust Root Certificate Authorities,
  3. Local Computer Personal,
  4. and Local Computer Trusted Root Certification Authorities.

 

All have certificates. Which thumbprint do I put in the proxy on QMC?

 

What does a successful standard deployment with a 3rd party certificate look like in MMC?

 

 

I have followed these four articles already but I can't get clarity on which thumbprint exactly I should use.

https://help.qlik.com/en-US/sense-admin/May2021/Subsystems/DeployAdministerQSE/Content/Sense_DeployA...

https://community.qlik.com/t5/Knowledge-Base/How-to-recreate-or-just-delete-certificates-in-Qlik-Sen...

https://community.qlik.com/t5/Knowledge-Base/How-to-Change-the-certificate-used-by-the-Qlik-Sense-Pr...

https://community.qlik.com/t5/Knowledge-Base/Qlik-Sense-quot-The-proxy-is-waiting-for-a-new-session-...

 

2 Solutions

Accepted Solutions
Damien_V
Support
Support

Hello @acarrera 

The article you mentioned are mainly to recreate internal Qlik Sense certificates that are used for internal communication between Qlik Sense services.

In order for the certificate presented to users in the browser to be trusted, you need to install and apply a third party certificate in the proxy settings in the QMC.

By default, 3rd party certificates purchased from public Certificate Authorities will be trusted by default. If you want to use a certificate generated yourself, then you need to push the root certificate to all client machines using a domain policy.
https://community.qlik.com/t5/Knowledge-Base/Qlik-Sense-Compatibility-information-for-third-party-SS...

If the issue is solved please mark the answer with Accept as Solution.

View solution in original post

3 Replies
Damien_V
Support
Support

Hello @acarrera 

The article you mentioned are mainly to recreate internal Qlik Sense certificates that are used for internal communication between Qlik Sense services.

In order for the certificate presented to users in the browser to be trusted, you need to install and apply a third party certificate in the proxy settings in the QMC.

By default, 3rd party certificates purchased from public Certificate Authorities will be trusted by default. If you want to use a certificate generated yourself, then you need to push the root certificate to all client machines using a domain policy.
https://community.qlik.com/t5/Knowledge-Base/Qlik-Sense-Compatibility-information-for-third-party-SS...

If the issue is solved please mark the answer with Accept as Solution.
acarrera
Partner - Contributor II
Partner - Contributor II
Author

Hi Damien,

 

Thanks for your reply. If a Qlik user previously used a commercially available trusted certificate, and I would like to restore it, to where would I import the cert in MMC? Current User or Local Computer? Personal or Trusted Root CA?

Thanks,

Alex