Skip to main content
Announcements
UPGRADE ADVISORY for Qlik Replicate 2024.5: Read More
cancel
Showing results for 
Search instead for 
Did you mean: 
swaroopchippada
Contributor III
Contributor III

How to disable https in Qlik replicate linux version

I installed qlik replicate in linux vm.

i m trying to access the qlik console from the a remote server

using https://<ip>:<port>/attunityreplicate

But im getting secure connection failed. i would like to know how to disable it. 

Labels (1)
1 Solution

Accepted Solutions
john_wang
Support
Support

Hello @swaroopchippada ,

You're right, it's impossible to disable HTTPS while Replicate running on Linux.

Regarding the error, obviously it indicates an issue in the SSL/TLS handshake in the first Client Hello (1) communication. There are much helpful links in Google, I think the problem may be relevant to firewall setting, or proxy etc. It's better to work with the DBA to troubleshoot it.

Good luck,

John.

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!

View solution in original post

13 Replies
john_wang
Support
Support

Hello @swaroopchippada ,

Thanks for reaching out to Qlik Replicate.

Not sure what's the error messages you got, and where the problem is: it was caused by Linux side (eg firewall settings etc), or the browser security settings lead an access problem, or something else.

BTW, the default URL of the console is like: https://192.168.33.185:3552/attunityreplicate

where the IP Address is the Replicate Server IP, default port number is 3552.

And do you get any helpful clue from the Linux side Replicate server log file? Default file name is "/opt/attunity/replicate/data/logs/repsrv.log".

Hope this helps.

John.

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!
swaroopchippada
Contributor III
Contributor III
Author

Hi John,

Thanks for your reply.

This is my repsrv.log

swaroopchippada_0-1705656704108.png

and  current status is running.

swaroopchippada_1-1705656841442.png

 

we installed the above service in a linux VM example - 192.X.X.129

I am trying to access it from another VM which is within the same segment and has a browser in it, so the source IP from where the application is accessed is 192.X.X.20

I m able to access other apps running in 192.X.X.129 server from the 192.X.X.20

but unable to access qlik application from the remote server. I got the below error.

swaroopchippada_2-1705657364157.png

So I wanted to know if I could disable https. 

john_wang
Support
Support

Hello @swaroopchippada ,

Thanks for the detailed information. However looks to me the error message:

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified

was come from browser rather than Qlik Replicate. If I'm correct you are running Firefox, is that correct? could you please try other browser eg Edge, or Chrome.

Regards,

John.

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!
SushilKumar
Support
Support

Hello team,

 

If our response has been helpful, please consider clicking "Accept as Solution". This will assist other users in easily finding the answer.

 

Regards,

Sushil Kumar

swaroopchippada
Contributor III
Contributor III
Author

Hi John,

Yes, I was using Firefox. However, as suggested I tried Chrome, but it wasn't working in Chrome as well.

Also, I did curl, and I'm getting the below response.

swaroopchippada_0-1705995726401.jpeg

is there any issue with certificates or installation?

Let me know if I need to check anything else.

Thanks

 

john_wang
Support
Support

Hello @swaroopchippada ,

Thanks for the update, however I still do not think it's Replicate issue as the error message signifies an issue in the SSL/TLS handshake, which translates to an SSL connection error. Potential causes include an outdated cURL package, connection errors, or some software setup etc. So let's narrow down the issue from various sides:
1. OS version
2. openssl version
3. proxy, VPN or tunnel settings
4. disable the internet security firewall
5. restart service
6. try to telnet the port number
7. reboot OS server
8. maybe disable HPPTS and use HTTP but not recommended

I'm pasting some command results (curl command with Verbose option enabled) in my labs for your comparison, hope it helps.

John.

 

[root@CentOS85 ~]# openssl version
OpenSSL 1.1.1k FIPS 25 Mar 2021
[root@CentOS85 ~]# uname -a
Linux CentOS85.qlik 4.18.0-348.el8.x86_64 #1 SMP Tue Oct 19 15:14:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@CentOS85 ~]# curl -i -k -vvvv 'https://192.168.33.185:3552/attunityreplicate'
* Trying 192.168.33.185...
* TCP_NODELAY set
* Connected to 192.168.33.185 (192.168.33.185) port 3552 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=CentOS85.qlik; O=SSC_CentOS85.qlik; title=5eUc05CpX9JkOvJToOfvB+bjOZPSJlAFJC05yWgoXE0=
* start date: Nov 26 12:42:41 2021 GMT
* expire date: Nov 27 12:42:41 2031 GMT
* issuer: CN=CentOS85.qlik; O=SSC_CentOS85.qlik; title=5eUc05CpX9JkOvJToOfvB+bjOZPSJlAFJC05yWgoXE0=
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> GET /attunityreplicate HTTP/1.1
> Host: 192.168.33.185:3552
> User-Agent: curl/7.61.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/1.1 307 Temporary Redirect
HTTP/1.1 307 Temporary Redirect
< Location: /attunityreplicate/login
Location: /attunityreplicate/login
< Set-Cookie: Replicate.3552.Redirect=/attunityreplicate; Path=/attunityreplicate; HttpOnly; SameSite=Lax
Set-Cookie: Replicate.3552.Redirect=/attunityreplicate; Path=/attunityreplicate; HttpOnly; SameSite=Lax
< X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< Content-Length: 0
Content-Length: 0

<
* Connection #0 to host 192.168.33.185 left intact

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!
swaroopchippada
Contributor III
Contributor III
Author

Hi John, 

We will try option 8 (i.e. disabling HTTPS and using HTTP) as we are just doing a POC. 

How to do in Linux version ? I can't find any service configuration xml .

Thanks

 

DesmondWOO
Support
Support

Hi @swaroopchippada ,

Please check this article titled "Force Qlik Replicate to use HTTP instead of HTTPS for version 2023.5 and above" if it helps.

Regards,
Desmond

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!
deepaksahirwar
Creator II
Creator II

Dear @swaroopchippada 

You can disable https in Qlik replicate linux version by modifying the host_configuration entry in the GlobalRepo.sqlite file in Replicate data folder. You will need a sqlite editor and knowledge on how to use it for this change, such as the DB Browser for SQLite.

 

Here are the steps you need to follow:

1 Stop the Qlik Replicate server service and the Qlik Replicate UI service

2 Open GlobalRepo.sqlite in any sqlite browser (as administrator)

3 Go to Browse data

4 Go to Objects

5 Locate host_configuration

6 Locate the JSON column

7 Edit the JSON column by changing the following: "host_https_port": 0, "test_https": false, "allow_unsafe_protocols": true

8 Save the GlobalRepo.sqlite file

9 Start the Qlik Replicate server service and Qlik Replicate UI service

I hope this helps you. 😊

 

If our response has been helpful, please consider clicking "Accept as Solution". This will assist other users in easily finding the answer

 

Regards,

Deepak