Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Nov. 20th, Qlik Insider - Lakehouses: Driving the Future of Data & AI - PICK A SESSION

QlikView May 2023 (12.80): new, stronger encryption, and certificates

No ratings
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Daniele_Purrone
Support
Support

QlikView May 2023 (12.80): new, stronger encryption, and certificates

Last Update:

May 22, 2023 8:59:13 AM

Updated By:

Daniele_Purrone

Created date:

May 22, 2023 8:56:32 AM

QlikView 12.80 will now move, by default, to the AES 256 GCM encryption mode.

By default, new certificates will be created using the new mode.

When upgrading a system that is already using certificates, the system will work as it is in the old, less secure, mode AES 256 CBC.

This article will detail how to upgrade an existing installation with the new, more secure, certificates.

Environment

  • QlikView May 2023 (12.80) IR or higher

 

Instructions for upgrading QlikView with new certificates mode (GCM) 


Before implementing this, TLS 1.2 or higher has to be enabled for QVS to work normally. Check this article for details on how to do that.


  1. Perform the upgrade on all machines in the cluster. 

  2. After completion, the installer will ask you to restart the machine/s.

  3.  After the restart, stop all the running QlikView services

  4. Open "C:\Program 
    Files\QlikView\Management Service\QVManagementService.exe.config" and apply 
    the following config change :

    <add key="InstallingNewCertificatesAndCryptoKey" value="true"></add>

  5. All services in a cluster need a new certificate.
    For each clustered service, with the exclusion of the QlikView Server services and License (Dispatcher) Services, edit the:
    C:\Program 
    Files\QlikView\NAMEOFTHESERVICE\QVNAMEOFTHESERVICE.exe.config file to contain 

    <add key="InstallingNewCertificatesAndCryptoKey" value="true"></add> 

  6. For QlikView Server nodes, edit the settings.ini file at "C:\ProgramData\QlikTech\QlikViewServer\Settings.ini" and add the line 
    InstallingNewCertificatesAndCryptoKey=1 to the "Settings 7" section

  7.  Start the QMS first and then rest of all services

  8. In the QlikView Management Console, navigate to the "System" and open the "Setup" subtab.

  9. For each service:

    1. Select a service, and then click the "General" tab.
    2. Click the Apply button in the bottom right of the window, and then follow the instructions to install the certificate.
    3. Repeat the above procedure for each service (in any order)

     

  10. Shut down all QlikView services (in any order).
  11. Disable the flag InstallingNewCertificatesAndCryptoKey for all services (previously enabled in steps 4, 5, and 6)
  12.  Start the QlikView Management Service
  13.  Start all other services

     

See the help-site for more details about the process above.

NOTE: in case a downgrade to 12.70 is needed, after downgrading you will need to recreate the encryption data by following this article.

 

QlikView
Thumbnail of QlikView
QlikView
1,756 Views
Was this article helpful? Yes No
Contributors
Version history
Last update:
‎2023-05-22 08:59 AM
Updated by:
Support