Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi, we are using Qlik Sense with Qlik NPrinting. When we try to access the Qlik Nprinting URL its showing warning like "your connection is not private". Then I opened the developer tool and checked under security tab, then its shows
"The page is not secure (broken HTTPS)" Below
Certificate - Subject Alternative name missing
Certificate - missing (here its showing like "err_cert_comm_name_invalid") .
any one suggest pls?
Note: Because of this first time URL is not working, then from advance If I clicked the URL then it is working.
Both certificate installed at same day in the Qlik Sense and Qlik NPrinting.
@balajibc64 Hello, Please explain the issue you have. If this is just button for on demand, Make sure you have added Trusted origin.
Here, You have to do few things.
Please add you Qlik sense FQDN, Example if this is your QS url, https://URLofQliksense
and it must be added two another N-Printing as well, an example.
HI @balajibc64
you would use Open SSL to convert PFX certificate file to CRT and KEY file. I assume you have already PFX certificate file purchased for FQDN/or wildcard of your prod nprinting server?
If you not familiar with certificates then ask your network admin to convert those files for you it will save you a hussle understing what is what. The whole conversation could be described in following steps:
1.get a wildcard certificate for your domain with private key in pfx format (for example Cert.pfx file)
2.install OpenSSL (on NPrinting server or your machine)
3.copy Cert.pfx" to "C:\OpenSSL-Win64\bin" folder and run below commands from that location.
openssl pkcs12 -in Cert.pfx -nocerts -out NPrinting-Decrypted.key
openssl pkcs12 -in Cert.pfx -clcerts -nokeys -out NPrinting.crt
openssl rsa -in NPrinting-Decrypted.key -out NPrinting.key
as result you will get NPrinting.crt and NPrinting.key file (with decrypted key). those files need to be copied to following folders (the same files copied to both of the folders below) for admin console and news stand:
C:\ProgramData\NPrinting\newsstandproxy
C:\ProgramData\NPrinting\webconsoleproxy
In above mentioned folders there are "app.conf" files which have to be modified. Find this line and modify it to point to your certificate
http.sslcert=${ProgramData}\NPrinting\webconsoleproxy\NPrinting.crt
http.sslcert=${ProgramData}\NPrinting\newsstandproxy\NPrinting.crt
restart nprinting web server
use FQDN to access nprinting console. Connection should be secure with valid trusted 3rd party certificate
That is all what it takes
Hi @balajibc64
It is possible if it was installed with exportable option.
You can check if wildcard cert is intalled in Qlik Sense server (MMC--> add Snap-In etc...) and then export it from there, however you would need to make sure you also get a private key exported and it will depend on whether cert on Qlik Sense was installed with the option to allow for private key export or not.
It looks like for whatever reason you dont want to talk to your network admins otherwise you would get that cert weeks ago 😂😂😂
cheers
Hi @balajibc64 - I dont know. I hav enot done it that way. In bare theory it should work, but maybe there are other things I am missing.
This is not a scenario documented so you are trying to do something different than what is documented. Do it and see. We already gave you official/documented steps, you are wanting to do different steps. It is up to you.
cheers
@balajibc64 Subject alternative is really important. Can you see the certificate and check if any values or host details available in Subject alternative.
Hope your certificate created towards webserver?
Hi @Anil_Babu_Samineni Yes webserver only. Can you pls suggest where and how to check subject alternative?
@balajibc64 This is related to similar: https://community.qlik.com/t5/Official-Support-Articles/ERR-CERT-COMMON-NAME-INVALID-when-using-3rd-...
Please see if that helps .
Hi @Anil_Babu_Samineni Thank you. I will check.
Quick Question:
This is needs to be done in Qlik NPrinting Server only right?
And I have checked while accessing the Qlik NPrinting Server URL,
"Attackers might be trying to steal your information from YYY.XXX.com.qa"
NET::ERR_CERT_AUTHORITY_INVALID
so for this we need to handle Subject alternative is important right ?
Whether I need to recreate a new certificate for create Subject alternative (or) using existing one itself enough ? Please suggest.
@balajibc64 I wonder if you can modify the existing one because the communication needs to be send.
It doesn't matter if that is connected to tool (Because it is same for almost all FQDN hosts like your nprinting).
So, I would recommend to recreate and use it and let's see how that is helping you.
PS: Subject alternative depends how your certificate management configured in the backend (Meaning, in Webserver template if that is optional when they create it, I won't suspect this is due to this).
Hi @Anil_Babu_Samineni Oops got confused. Because I can't try directly in Production. Below are the details I found,
1. Logon into Qlik NPrinting server.
2. Looked the existing certificate via mmc
3. Under Certificate, Details tab I'm seeing Subject value. This subject value is SWXXXD0AAAS0003 (Our Qlik NPrinting Server name).
4. There is no "Subject Alternative Name" under this tab.
5. Now when I'm tried to access the Qlik NPrinting URL, facing this NET::ERR_CERT_AUTHORITY_INVALID.
I notice this message as per your given link,
Attackers might be trying to steal your information from fltapsaaa.asdfgsdirways.com.qa (for example, passwords, messages, or credit cards)
NET::ERR_CERT_AUTHORITY_INVALID
Pls note: I trying to resolve this issue, because in Qlik Sense dashboard, On Demand button is not working. so that trying to resolve this certificate issue.
Hi @Anil_Babu_Samineni any suggestion
Hi @Lech_Miszkiewicz Tagging you, can you pls guide if possible .
Hi @Anil_Babu_Samineni Quick Question, As you mentioned " would recommend to recreate".
you mean re-create a certificate ? If yes, is this via Qlik Sense QMC --> certificate like this way?
@balajibc64 Sorry for the late, I am away yesterday 🙂
Anyway, this sounds like this is something somebody trying to access your company address. I would recommend checking with your provider (Like, Webserver from where you ordered or using this template to create certificates).
You may be looking only in Qlik sense, my intention to check from N-Printing side as well, it means when you create private key (There are many ways to create certificate), it could check the box and what if, in case if you create again the certificate in Qlik sense via QMC and also the same from Qlik N-Printing.
Once you download the certificate in CER, please follow like this.
Typical path is C:\ProgramData\NPrinting\newsstandproxy\.
Typical path is C:\ProgramData\NPrinting\webconsoleproxy.
Uncomment by removing the # and change or add the following lines to:
http.sslcert=${ProgramData}\NPrinting\newsstandproxy\ xyz.crt (Change the certificate file name if necessary.)
http.sslkey=${ProgramData}\NPrinting\newsstandproxy\NPrinting.key. (Change the private key file name if necessary.)
2. Edit the Qlik NPrinting web console proxy configuration file:
%ProgramData%\NPrinting\webconsoleproxy\app.conf
Uncomment by removing the # and change or add the following lines to:
http.sslcert=${ProgramData}\NPrinting\webconsoleproxy\ xyz.crt (Change the certificate file name if necessary.)
http.sslkey=${ProgramData}\NPrinting\webconsoleproxy\NPrinting.key (Change the private key file name if necessary.)
/* I noticed from your statement for this,
3. Under Certificate, Details tab I'm seeing Subject value. This subject value is SWXXXD0AAAS0003 (Our Qlik N-Printing Server name).
Make sure, Subject valid with your FQDN as well, an example it should be community.qlik.com if this is your N-Printing URL to whitelist.
*/
Please do let us know if you need more information or not worked.