In a default Qlik Sense installation, self-signed certificates are generated for the following purposes:
1) Encrypt connection on the hub and QMC for clients (Proxy certificate)
2) Communicate securely between services
However, if you keep the default certificate for the Proxy certificate, the connection will appear as non-trusted on client computers.
Resolution:
There are 2 solutions to make the connection appear as trusted:
1) Use a trusted third-party certificate
This is the preferred method.
See Qlik Sense Hub and QMC with a custom SSL certificate for details.
2) Trust the self-signed certificate
Add the self-signed certificate generated by Qlik Sense to the trusted root certificate store on the client
Warning: This action needs to be performed on each client that uses Qlik Sense. It is recommended that the Active Directory domain administrator configures a domain policy to distribute the certificate to each client.
- On the Qlik Sense certificate, copy the root.pem certificate from C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates
- On the client, open the mmc console and add the Certificates snap-in for the local computer
- Go to Trusted Root Certification Authorities and import root.pem
- Choose "Yes" on the warning message to verify that you want to trust this certificate.
Warning: Chrome and Internet Explorer use the default Certificate store in Windows, for Firefox you will have to install the certificate in the browser (Tools > Options > Advanced > Certificates: View Certificates)