Hi Lech, 

Thank you for your reply.

I have already gone through the link that you have provided. That was not helpful to my scenario and that doesn't answer my question.

Waiting for more relevant answers.

So which part you did not understand from my link?

as i said you need certificate on pem format and private key. That makes 2 separate files.  This is the only format nprinting accepts!

do you have a password to extract private key from pfx file?

without password you will not be able to proceed

Hi Lech,

I have found the below Qlik support article for the requirement am looking for. Hope it would be helpful to others with similar requirement.

https://support.qlik.com/articles/000043517-- How to convert a certificate for NPrinting to the .key and .crt files for HTTPS/SSL in the Web Console and/or the NewsStand

Before following the steps mentioned in the above article, I have installed OpenSSL following the steps mentioned in Qlik help portal. https://help.qlik.com/en-US/nprinting/April2019/Content/NPrinting/DeployingQVNprinting/Installing-SS...

I have followed all the steps from 1 to 6 in https://support.qlik.com/articles/000043517 except 3 as while extracting .key file from .pfx, it didn't ask me for a passphrase. All the steps went well and after restarting web engine, web console and newsstand URLs both using IP address and DNS are not working. so strange!!

Below are the log files. Could you please suggest a solution

Thank you in advance

Hi,

You said: "I have followed all the steps from 1 to 6 in https://support.qlik.com/articles/000043517 except 3...."

that indicates to me that in your .pfx file there was no key included. When creating .pfx file your "certificate guys" need to include in it private key and they need to give you password so then you can extract it using the steps you have mentioned. If thats a case you need to get back to your certificates guys and ask them for certificate with the key and password.

This is what i meant in my second answer to your question when I mentioned that you will need a password...

btw.

all other commands you mentioned are correct. I was just doing the exact same thing yesterday and these are cmd's i used (assuming that my certificate was called NPrinting.pfx):

• openssl pkcs12 -in NPrinting.pfx -nocerts -out NPrinting.key
• openssl pkcs12 -in NPrinting.pfx -clcerts -nokeys -out NPrinting.crt
• openssl rsa -in NPrinting.key -out NPrinting-decrypted.key

i then renamed NPrinting-decrypted.key to  NPrinting.key and used it with NPrinting.crt

Btw.

Look at web server logs when working on it - they idicate issue with key....

Hi Lech,

Thank you for investing your time. 🙂

I have approached our certificate team and waiting for their reply. But I want to tell you that our certificate team has provided us with a password for extracting .pfx file and I have applied it in step 1 and 2, even still you feel there was something wrong with the certificates.

And want to you if your Nprinting links worked well without any issues after following all the steps in the provided link.

Thank you

I am not saying that your certificate is wrong.

All what i am saying is that it is either not extracted properly or not installed properly.

If you have password and you are sure that certificate has private key in it you can use my 3 commands and do all the job.

After applying certificates and using fully qualified domain names to access nprinting console and news stand i had trusted connection. In web server logs there were no errors!

Hi Lech,

I have performed all the steps again. Now there is no issue while performing the steps and it asked for passphrase this time. There are no errors in log files too after restarting the web engine. Everything went well. 

But when launched the portal I saw the certificate error again. Reason found was there was no root and intermediate certificates and got the root and intermediate certificates from the team and installed.

Certificate error is solved finally. But we have observed 30sec - 45sec delay in loading the portal after performing this certification task.  Before it used to takes just 2sec to load the page. 

Appreciate if you can provide any suggestions for the performance issue.

Thank you.