Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
prees959
Creator II
Creator II

HTTPS on Qlikview Server

Hi,

 

I have just successfully installed an SSL on a QlikSense server which was quite straightforward.

We have a wildcard SSL - so I wish to install the same  Cert on a separate QlikvView Server.  I have copied it across and installed in via the MMC.  

As well as selected port 443 and ticking HTTPS in QMC  - what else do I have to do to ensure it works?

 

Many thans,

 

Phil

 

Labels (4)
8 Replies
chriscammers
Partner - Specialist
Partner - Specialist

Hey Phil,

  1. First, you need to bind the Cert to the port, so just as you did for the Qlik Sense server get the thumbprint from the certificate.
  2. Open the command prompt as administrator
  3.  Enter the folling command
    • netsh http add sslcert ipport=0.0.0.0:443 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
    • The IP Address listed above is the IP Address that should be used, do not use the actual IP of the machine
    • The certhash parameter specifies the thumbprint of the certificate.
    • The appid parameter is a GUID that can be used to identify the owning application, you can use any GUID generator to get one.
  4. To verify the registration of the certificate, use netsh http show sslcert.
prees959
Creator II
Creator II
Author

Hi,

Thanks for the reply!

I've done as you have suggested and my powershell output is

SSL Certificate bindings:
-------------------------

IP:port : 0.0.0.0:443
Certificate Hash : fdxxxxxxxxxxxxxxxxxxxxx0
Application ID : {4fxxxxxxx-fxxxxxxxx1-xxx1-7bxxxxxxxxxxx43}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled

I have also checked port 443 / Https in QMC and restarted the services.

I have  also checked that the inbound rule for port 443 is open on the firewall.

When i then try https://myip  , I get :

This site can’t be reached

The connection was reset.

Try:

ERR_CONNECTION_RESET
 
 
Any ideas?
 
Much appreciated.
 
Phil

 

 

 

 

chriscammers
Partner - Specialist
Partner - Specialist

 

Did you try https://yourAddress/Qlikview

I don't think Qlikview server will automatically redirect you to the access point so you have to be specific.

 

Sonja_Bauernfeind
Digital Support
Digital Support

Hello Phil,

@chriscammers has been spot on so far in all the instructions given to you, and it sounds like you followed them correctly. His suggestion on the URL is also spot on. It needs to be the full path to the AccessPoint, including the /qlikview path in the URL.

You can cross check against one of our articles around that, which also includes a hint on how to check the logs afterwards to verify if the QlikView webserver has bound itself correctly to port 443. See here (000002484) for details. 

/Sonja

Don't forget to Like posts and use the "Accept as Solution" button on content that answered your question! Thanks 🙂
chriscammers
Partner - Specialist
Partner - Specialist

Thanks Sonja!
prees959
Creator II
Creator II
Author

Hi @Sonja_Bauernfeind ,

Thanks for your suggestions...

Here is the most recent lof entry :

20190322T135529.579+0000 Information Configured directories
20190322T135529.580+0000 Information Load Settings from: C:\ProgramData\QlikTech\WebServer\config.xml
20190322T135529.637+0000 Information register prefix: "https://+:443/qvajaxzfc/"
20190322T135529.638+0000 Information register prefix: "https://+:443/scripts/"
20190322T135529.638+0000 Information register prefix: "https://+:443/qlikview/"
20190322T135529.638+0000 Information register prefix: "https://+:443/qvdesktop/"
20190322T135529.638+0000 Information register prefix: "https://+:443/qvplugin/"
20190322T135529.639+0000 Information register prefix: "https://+:443/"
20190322T135529.654+0000 Information Start normally.
20190322T135529.662+0000 Information Connect to server: myserver
20190322T135529.799+0000 Information Success Connect to: myserver
20190322T135529.802+0000 Information Sending to 'myserver:4747': <Global method="QvVersion"></Global>
20190322T135529.805+0000 Information Received from 'myserver:4747': <Global><_retval_>12.30.20000.0</_retval_></Global>
20190322T135529.808+0000 Information Attempting to start QVWS soap server at port 4750...
20190322T135529.850+0000 Information Service host started.
20190322T135543.603+0000 Information Load Settings from: C:\ProgramData\QlikTech\WebServer\config.xml
20190322T135614.053+0000 Information Load Settings from: C:\ProgramData\QlikTech\WebServer\config.xml

 

Does it matter that we have a wildcard SLL *.mydomain.com ?

 

I'm still getting a This Site Can't be Reached Error.... even when trying https://myserver.com/qlikview

Sonja_Bauernfeind
Digital Support
Digital Support

This means that the server is listening on port 443, it won't specify what URL it is available on, or what URL the certificate is for.

Have you tried accessing https://localhost/qlikview (typed exactly like this) from the machine directly where the WebServer is hosted?

Or https://YOURIPHERE/qlikview (where YOURIP is the IP address returned when you do ipconfig in the command prompt on that server)?

 

Don't forget to Like posts and use the "Accept as Solution" button on content that answered your question! Thanks 🙂
Brett_Bleess
Former Employee
Former Employee

One point of clarification, as I do not see that anyone clarified this, are you using the QlikView Web Server service or the QlikView Settings service in this case?  The latter would be used with the IIS web server, and if you are using IIS, then the cert needs to be configured via the IIS Manager etc.  Just wanted to be sure we had not missed something easy on this one.  

Regards,
Brett

To help users find verified answers, please do not forget to use the "Accept as Solution" button on any post(s) that helped you resolve your problem or question.
I now work a compressed schedule, Tuesday, Wednesday and Thursday, so those will be the days I will reply to any follow-up posts.