we need to change the SSL certificate used by Qlik Sense for its REST service API (QRS and QPS).
The "security" section of the proxy settings in QMC contains an SSL certificate thumbprint but that only seems to apply to the connections of web browsers to the QMC and Hub but not the REST service calls we also use.
Our use case is that we'd like to install Qlik Sense on an Amazon Web Services system with our own software on another AWS system.
Here, each system has a publicly accessible hostname and an internally known one.
The certificates that Qlik generates itself are issued to the internal hostname and thus when accessed from the outside via the public hostname are considered invalid. Changing the SSL certificate thumbprint to one matching the public hostname only affects the connections with the browser but our REST calls fail because the certificate used there is still issued to the internal hostname.
Is there a way to change those SSL certificates as well or tell Qlik to generate them issued to a specific hostname (instead of the one it figures out itself)?
Re: Change SSL Certificate for Qlik Sence Service API
I'm researching this in the help and it looks like the QRS requires the client certificate generated at install or exporting through the QMC.
It's possible that the self-signed certs are used throughout the internal communications in a Qlik Sense deployment. The SSL thumbprint is used to validate external connections to the proxy. It appears from the documentation that QRS happens behind the proxy in all cases which may use the self-signed certs. Therefore, you have to use the QlikClient cert to allow the inner workings of the Qlik Sense deployment to trust your external request.
I have a theory about making a QRS request work with your server cert instead of the self-signed client cert by performing the following: