Qlik Community

New to Qlik Sense

If you’re new to Qlik Sense, start with this Discussion Board and get up-to-speed quickly.

Announcements
Customer & Partners, DEC. 9, 11 AM ET: Qlik Product & Strategy Roadmap Session: Data Analytics REGISTER NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
acarrera
Partner
Partner

Certificate not trusted for remote users

Hi,

I have recently updated a Qlik Sense server environment to May 2021. I have backed up the certificates prior to installation, and I have imported them back in, but users are getting a message that the certs are not valid on their browsers. On the local machine, the cert is trusted, but on remote connections, it is not. All certs have private keys and I used the service account when working in MMC. When I look at the thumbprint on the remote browser, I don't recognize it.

 

Qlik articles recommend exporting all certificates, but the proxy is only asking for one thumbprint. There's four "categories" on MMC:

  1. Current User Personal,
  2. Current User Trust Root Certificate Authorities,
  3. Local Computer Personal,
  4. and Local Computer Trusted Root Certification Authorities.

 

All have certificates. Which thumbprint do I put in the proxy on QMC?

 

What does a successful standard deployment with a 3rd party certificate look like in MMC?

 

 

I have followed these four articles already but I can't get clarity on which thumbprint exactly I should use.

https://help.qlik.com/en-US/sense-admin/May2021/Subsystems/DeployAdministerQSE/Content/Sense_DeployA...

https://community.qlik.com/t5/Knowledge-Base/How-to-recreate-or-just-delete-certificates-in-Qlik-Sen...

https://community.qlik.com/t5/Knowledge-Base/How-to-Change-the-certificate-used-by-the-Qlik-Sense-Pr...

https://community.qlik.com/t5/Knowledge-Base/Qlik-Sense-quot-The-proxy-is-waiting-for-a-new-session-...

 

2 Solutions

Accepted Solutions
Damien_Villaret
Support
Support

Hello @acarrera 

The article you mentioned are mainly to recreate internal Qlik Sense certificates that are used for internal communication between Qlik Sense services.

In order for the certificate presented to users in the browser to be trusted, you need to install and apply a third party certificate in the proxy settings in the QMC.

By default, 3rd party certificates purchased from public Certificate Authorities will be trusted by default. If you want to use a certificate generated yourself, then you need to push the root certificate to all client machines using a domain policy.
https://community.qlik.com/t5/Knowledge-Base/Qlik-Sense-Compatibility-information-for-third-party-SS...

If the issue is solved please mark the answer with Accept as Solution.

View solution in original post

3 Replies
Damien_Villaret
Support
Support

Hello @acarrera 

The article you mentioned are mainly to recreate internal Qlik Sense certificates that are used for internal communication between Qlik Sense services.

In order for the certificate presented to users in the browser to be trusted, you need to install and apply a third party certificate in the proxy settings in the QMC.

By default, 3rd party certificates purchased from public Certificate Authorities will be trusted by default. If you want to use a certificate generated yourself, then you need to push the root certificate to all client machines using a domain policy.
https://community.qlik.com/t5/Knowledge-Base/Qlik-Sense-Compatibility-information-for-third-party-SS...

If the issue is solved please mark the answer with Accept as Solution.

View solution in original post

acarrera
Partner
Partner
Author

Hi Damien,

 

Thanks for your reply. If a Qlik user previously used a commercially available trusted certificate, and I would like to restore it, to where would I import the cert in MMC? Current User or Local Computer? Personal or Trusted Root CA?

Thanks,

Alex