Solved: Re: Certificate not trusted for remote users - Qlik Community

acarrera · ‎2021-07-10

Hi,

I have recently updated a Qlik Sense server environment to May 2021. I have backed up the certificates prior to installation, and I have imported them back in, but users are getting a message that the certs are not valid on their browsers. On the local machine, the cert is trusted, but on remote connections, it is not. All certs have private keys and I used the service account when working in MMC. When I look at the thumbprint on the remote browser, I don't recognize it.

Qlik articles recommend exporting all certificates, but the proxy is only asking for one thumbprint. There's four "categories" on MMC:

Current User Personal,
Current User Trust Root Certificate Authorities,
Local Computer Personal,
and Local Computer Trusted Root Certification Authorities.

All have certificates. Which thumbprint do I put in the proxy on QMC?

What does a successful standard deployment with a 3rd party certificate look like in MMC?

I have followed these four articles already but I can't get clarity on which thumbprint exactly I should use.

https://help.qlik.com/en-US/sense-admin/May2021/Subsystems/DeployAdministerQSE/Content/Sense_DeployA...

https://community.qlik.com/t5/Knowledge-Base/How-to-recreate-or-just-delete-certificates-in-Qlik-Sen...

https://community.qlik.com/t5/Knowledge-Base/How-to-Change-the-certificate-used-by-the-Qlik-Sense-Pr...

https://community.qlik.com/t5/Knowledge-Base/Qlik-Sense-quot-The-proxy-is-waiting-for-a-new-session-...

Damien_Villaret · ‎2021-07-28

Hello @acarrera

The article you mentioned are mainly to recreate internal Qlik Sense certificates that are used for internal communication between Qlik Sense services.

In order for the certificate presented to users in the browser to be trusted, you need to install and apply a third party certificate in the proxy settings in the QMC.

By default, 3rd party certificates purchased from public Certificate Authorities will be trusted by default. If you want to use a certificate generated yourself, then you need to push the root certificate to all client machines using a domain policy.
https://community.qlik.com/t5/Knowledge-Base/Qlik-Sense-Compatibility-information-for-third-party-SS...

If the issue is solved please mark the answer with Accept as Solution.

View solution in original post

Ranganath_DR · ‎2021-08-01

Hi @acarrera ,

Refer to the below link for your query.

https://community.qlik.com/t5/Knowledge-Base/How-to-change-the-certificate-used-by-the-Qlik-Sense-Pr...

View solution in original post

Damien_Villaret · ‎2021-07-28

Hello @acarrera

The article you mentioned are mainly to recreate internal Qlik Sense certificates that are used for internal communication between Qlik Sense services.

In order for the certificate presented to users in the browser to be trusted, you need to install and apply a third party certificate in the proxy settings in the QMC.

By default, 3rd party certificates purchased from public Certificate Authorities will be trusted by default. If you want to use a certificate generated yourself, then you need to push the root certificate to all client machines using a domain policy.
https://community.qlik.com/t5/Knowledge-Base/Qlik-Sense-Compatibility-information-for-third-party-SS...

If the issue is solved please mark the answer with Accept as Solution.

acarrera · ‎2021-07-30

Hi Damien,

Thanks for your reply. If a Qlik user previously used a commercially available trusted certificate, and I would like to restore it, to where would I import the cert in MMC? Current User or Local Computer? Personal or Trusted Root CA?

Thanks,

Alex

Ranganath_DR · ‎2021-08-01

Hi @acarrera ,

Refer to the below link for your query.

https://community.qlik.com/t5/Knowledge-Base/How-to-change-the-certificate-used-by-the-Qlik-Sense-Pr...

Certificate not trusted for remote users

CA certificates

certificate

Certificate Verification

invalid

proxy

SSL

SSL Thumbprint issue