I've successfully changed the SSL browser certificate thumbprint in the QMC. The new certificate is used when I open the hub or qmc in my browser.
However, the server certificate returned when I call the QRS (on port 4242) isn't changed. The QRS still uses the certificate that's generated by Qlik. Is there a way to configure the certificate that's used by the QRS?
How are you contacting QRS? Are you using ticketing, header, or session auth to connect? What tools are you using to identify the QRS is using the Qlik generated certs. I'd like to do some testing with this so any information you may be able to supply is helpful.
I know I can add the Qlik certificate to the certificates store of the client making the request. Then the code above is no longer needed to make things work. However, I'd like to be able to add additional 'qlik sense clients' to my solution, without adding certificates to the client's certificate store. That's why I'd like to use a certificate issued by an authority that's already trusted by all clients in my domain.
I found that the Qlik certificate is still being used by opening the QRS url (https://myqlikserver.com:4242) in my browser and viewing the certificate information that's sent by the server.
The same certificate info is visible when I put a breakpoint in the ServerCertificateValidationCallback delegate.
you cannot change those certificates, they are generated by the Qlik Sense Installation itself which will detect and remove and regenerate invalid certificates. Additionally the root certificate is used to unlock the secured parts of the repository and so changing it will break the Sense installation. This makes it extremely important to ensure that the root certificate is backed up.