Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

aaddijksman
New Contributor III

Another Qlik Sense Certificates challenge

Dear community,

Can someone help me with the following?

I got Qlik Sense 3.2SR5 installed on a server (Windows Server 2016, offline QS installation, but later on decided to get access via internet). I can not open the hub without getting certificates warnings. I try to open the hub via 'bi.domainname1.nl'.

The Central Node in the QMC shows "servername.domainname2.nl" and can not be changed. All needed information is put in the whitelist of the virtual proxy within the Qlik Sense configuration (DNS, servername, IP-adress, bi.domainname1.nl, servername.domainname2.nl, localhost).

When I put in the thumbprint of the certificate of domainname1 I got an warning insecure connection via certificate of servername.domainname2.nl.

When I fill in the thumbprint of the certificate of servername.domainname2, I receive a warning insecure connection via certificate of bi.domainname1.nl.

Name of Central Node in QMC is non-changable, as far as I know it is not possible to give two thumbprints of certificates and a total re-installation of Qlik Sense I try to avoid. Can this be solved by replacing the right certificates in the right places (Windows)?

Do any of you experienced a same issue and if yes what was your solution?

Thanks in advance for reaction and kind regards,

Aad Dijksman

The Netherlands

6 Replies
simon_minifie
Contributor III

Re: Another Qlik Sense Certificates challenge

Hi Aad,

I don't think this is possible on a single server. You bind a certificate to a port on the server, and you can only have one certificate bound there.

You would need to have an iis server or similar with the different certificates that the users hit that then redirects them to the sense server.

Regards,

Simon

aaddijksman
New Contributor III

Re: Another Qlik Sense Certificates challenge

Dear Simon,

Thanks for your reply. My first discussion on this great community!

First reaction on your post to me is ' Aaaiii, help? '. I come from a situation where the Qlik Sense server was connected to a (reverse) proxy server who arranges the internet traffic. This concept was not working because I could not configure the proxy server the way Qlik Sense needs to work properly, so I solved that by going back to one server, the one with QS on it, but now I am stuggling with the two domainnames and certificates.

Is there any option to change the Central Node name or is this not the way to solve this certificates issue? Or can any other (perhaps self created) certificate solve this issue?

Thanks in advance for reaction and kind regards,

Aad Dijksman

The Netherlands (Amsterdam, FP)

Re: Another Qlik Sense Certificates challenge

Maybe think about putting an additional Qlik Sense Proxy in your dmz.  Does not need to be a big box, a small VM should suffice.

simon_minifie
Contributor III

Re: Another Qlik Sense Certificates challenge

Hi Aad,

Bill's suggestion was going to be my next.

2 Proxy servers will allow you to bind two SSL certificates, both pointing to the same Sense apps.

Thanks,

Simon

Re: Another Qlik Sense Certificates challenge

... and also good practice re security to put a Proxy in the dmz and not allow direct access from the internet to a Lan based server.

aaddijksman
New Contributor III

Re: Another Qlik Sense Certificates challenge

Bill and Simon,

After a short stop I will continu tackling this challenge. I will try to setup the solution you told here above.

Kind regards,

Aad Dijksman

The Netherlands

Community Browser