Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Oct 3, 2024 1:53:17 AM
May 22, 2023 8:59:03 AM
After upgrading from Windows 10 to Windows 11, or applying certain patches to Windows Server 2016, Qlik Replicate may not load in the browser.
The following error is displayed:
ERR_SSL_KEY_USAGE_INCOMPATIBLE
Data Integration Products November 2021.11 or lower require a manual generation of SSL certificates for use. See Step 5 (options one and two) in the solution provided below.
Environment
Qlik Replicate 2022.11 (may happen with other versions)
Qlik Compose 2022.5 (may happen with other versions)
Qlik Enterprise Manager 2022.11 (may happen with other versions)
Use of the self-signed SSL certificate
Windows 11
Windows server 2016
Resolution
This issue has to do with the self-signed SSL certificate. Deleting the existing one and allowing Qlik Replicate/Compose/Enterprise Manager to regenerate them resolves the issue.
- Stop the services for all affected software. Example: AttunityReplicateUIConsole, Qlik Compose or Qlik Enterprise Manager.
- (This step only applies to Qlik Replicate) Rename the data folder under the SSL folder (\Program Files\Attunity\Replicate\data\ssl\data)
- Delete self-signed certificates in the management console
- Open a command prompt and enter MMC to open the console (on Windows Server, open "Manage computer certificates")
- Click the File drop-down menu and select Add/Remove snap-in
- Select Certificates and click Add
- Select Computer account. Click Next, then click Finish.
- Click OK to close the Add or Remove Snap-ins window
- Open Certificates and navigate to Local Computer, then Personal, then Certificates
- In the list of certificates shown, select the certificates where the "Issued To" value and the "Issued By" value equal your computer name and delete them.
- Close the Management Console.
- Next we will remove the reference to the self-signed certificate in Qlik Replicate:
- Open a command prompt As Administrator
For Qlik Replicate:
Navigate to the ..\Attunity\Replicate\bin directory and then run the following command:
RepUiCtl.exe certificate clean
Navigate to the ..\Qlik\Compose\bin directory and then run the following command:
For Qlik Compose:
ComposeCtl.exe certificate clean
For Qlik Enterprise Manager:
Navigate to the ..\Attunity\Enterprise Manager\bin directory and then run the following command:
aemctl.exe certificate clean - Run the command: netsh http delete sslcert ipport=0.0.0.0:443
Note, that you may get a message that the command failed in the event there are no certificates bound to the port. This message can be ignored.
- Open a command prompt As Administrator
- Add either a self-signed Certificate or a trusted and signed Organization Certificate.
Option One: Trusted and Signed Certificate. Generate an organization certificate that must be a correctly configured SSL PFX file containing both the private key and the certificate.
Option Two: Self-Signed Certificate. Generate a self-signed certificate on the server to replace the existing self-signed certificate. The provided PowerShell examples generate an SSL certificate for 10 years.
Run the following in PowerShell:
$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname <FQDN> -NotAfter (Get-Date).AddYears(10) - Once the certificates have been obtained or generated, follow the instructions for the individual product section on how to import a certificate:
- Start the services.
- You may need to clear browser cache/cookies & etc. before you can access the web page outside of incognito mode.
Qlik Replicate will now allow you to open the user interface once again.
If users still cannot log in and are returned to the log in prompt at each attempt, see How to change the Qlik Replicate URL on a Windows host.It is recommended to use your organization certificates
Related Content:
How to change the Qlik Replicate URL on a Windows host
