Configure QRS certificate on Sense Server

Hi,

I've successfully changed the SSL browser certificate thumbprint in the QMC. The new certificate is used when I open the hub or QMC in my browser.

However, the server certificate returned when I call the QRS (on port 4242) isn't changed. The QRS still uses the certificate that's generated by Qlik. Is there a way to configure the certificate that's used by the QRS?

Thanks in advance.

Danny

5 Replies
Not applicable
Author

Hi Danny,

How are you contacting QRS? Are you using ticketing, header, or session auth to connect? What tools are you using to identify that the QRS is using the Qlik-generated certs? I'd like to do some testing with this, so any information you may be able to supply is helpful.

jg

Not applicable
Author

Hi Jeffrey,

I use a .NET REST client (http://restsharp.org/) to communicate with the QRS, similar to the example shown here: http://help.qlik.com/sense/en-us/developer/#../Subsystems/RepositoryServiceAPI/Content/RepositorySer...

I would like to get rid of the following line of code:

ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true;

I know I can add the Qlik certificate to the certificates store of the client making the request. Then the code above is no longer needed to make things work. However, I'd like to be able to add additional 'qlik sense clients' to my solution, without adding certificates to the client's certificate store. That's why I'd like to use a certificate issued by an authority that's already trusted by all clients in my domain.

I found that the Qlik certificate is still being used by opening the QRS url (https://myqlikserver.com:4242) in my browser and viewing the certificate information that's sent by the server.

The same certificate info is visible when I put a breakpoint in the ServerCertificateValidationCallback delegate.

Danny

Not applicable
Author

What about using a wildcard server cert? If you change the server cert the Sense servers use through the security thumbprint then I think you can get rid of the ServicePointManager call.

I imagine that may work the way you want.

Not applicable
Author

Actually, I've used the thumbprint of our wildcard certificate. But the server certificate used when calling the QRS on port 4242 is still the auto-generated Qlik certificate.

Even when I remove this certificate from the server's certificate store, next time I connect, a new certificate is generated and used.

Not applicable
Author

FYI, I got a response from the Qlik Sense team:

You cannot change those certificates, they are generated by the Qlik Sense Installation itself which will detect and remove and regenerate invalid certificates. Additionally the root certificate is used to unlock the secured parts of the repository and so changing it will break the Sense installation. This makes it extremely important to ensure that the root certificate is backed up.


http://help.qlik.com/sense/2.0/en-US/online/#../Subsystems/PlanningQlikSenseDeployments/Content/Serv...
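
Because the QRS certificate cannot be replaced, a client can still drop the accept-everything callback from the thread by checking in code that the server chain ends in one pinned root certificate, without installing anything into the client's certificate store. This is an added example, not code from the thread or from Qlik; the class name, the file path and the choice to skip revocation checking are assumptions, and `using` on `X509Chain` assumes .NET Framework 4.6 or later.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example: accepts the QRS server certificate only if its chain
// terminates in one specific, pinned root certificate.
public static class PinnedRootValidator
{
    public static RemoteCertificateValidationCallback Create(X509Certificate2 pinnedRoot)
    {
        return (sender, certificate, chain, errors) =>
        {
            if (certificate == null) return false;

            // Name mismatch or a missing certificate is always fatal; only
            // chain errors (untrusted root) are re-evaluated below.
            if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
                return false;

            using (var pinnedChain = new X509Chain())
            {
                pinnedChain.ChainPolicy.ExtraStore.Add(pinnedRoot);
                // Assumption: the private CA publishes no CRL/OCSP endpoint.
                pinnedChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                // Tolerate "unknown CA" only; expiry and bad signatures still fail.
                pinnedChain.ChainPolicy.VerificationFlags =
                    X509VerificationFlags.AllowUnknownCertificateAuthority;

                if (!pinnedChain.Build(new X509Certificate2(certificate)))
                    return false;

                // AllowUnknownCertificateAuthority accepts any root, so the
                // last chain element must be compared with the pinned root.
                var elements = pinnedChain.ChainElements;
                var root = elements[elements.Count - 1].Certificate;
                return root.RawData.SequenceEqual(pinnedRoot.RawData);
            }
        };
    }
}

public static class Program
{
    public static void Main()
    {
        // Hypothetical path to the exported root certificate of the Sense site.
        var root = new X509Certificate2(@"C:\certs\qlik-root.cer");
        ServicePointManager.ServerCertificateValidationCallback = PinnedRootValidator.Create(root);
    }
}
```

The client must still connect using a host name that appears in the server certificate, since name mismatches are rejected before the chain is examined.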