Security scan reports the use of self signed certificates in Qlik Sense Enterprise on Windows

This is working as designed. Qlik Sense Enterprise on Windows uses self signed certificates for service communication (Certificates | Qlik Sense for administrators Help) and as the out-of-the-box proxy certificate.

This is not considered a security vulnerability.

If you have run a security scan and receive reports of vulnerabilities which are of concern to you, see Qlik Security Vulnerability Policy on how to report them to Qlik.

Resolution

To improve the security of your system, consider the following actions:

• How to change the certificate used by the Qlik Sense Proxy to a custom third party certificate 
• How to: Redirect HTTP to HTTPS in Qlik Sense
• HTTP Strict Transport Security (HSTS) in Qlik Sense
• Configuring preferred cipher suites for Qlik License Service in Qlik Sense Enterprise on Windows 

Environment

• Qlik Sense Enterprise on Windows