Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

wrong ssl certificate used for login page

Hello,

I have qlik sense server that's configured with a 3rd party ssl certificate. After logging in that certificate is used and the browser is happy with the trustworthy certificate.

However when logging in the form login page (https://server.domain.com:4244/form/?targetId=xyz....etc‌) uses the self-signed certificatate instead of the proper certificate. This is not nice, because now users see warnings in the browser that this an insecure site.

On another site everything works correctly and I don't see differences in how the proxy and virtual proxies are configured. Any help and hints are appreciated.


talk is cheap, supply exceeds demand
1 Solution

Accepted Solutions
simon_minifie
Contributor III

Re: wrong ssl certificate used for login page

Ok, have you tried removing that binding and applying the signed certificate to it?

13 Replies

Re: wrong ssl certificate used for login page

Hi,

Not sure but couple of checks.

1. DNS entry.

2. Host name mapping defined in hosts file of windows server.

Regards,

Kaushik Solanki

Re: wrong ssl certificate used for login page

Nope, that's not it. The domain name is fine. It's only on the login page that Qlik Sense uses its own self-signed certificate. Thanks anyway.


talk is cheap, supply exceeds demand

Re: wrong ssl certificate used for login page

What I understand is when a request is made from browser to Qlik Sense, it checks for the Proxy SSL certificate if it is not available or access is not allowed then it will use the self signed certificate.

What you think on this.

If this is the case then Help site says below.

When editing a proxy certificate as a user without admin privileges, you need to run the repository in bootstrap mode before the changes take effect.


Regards,

Kaushik Solanki

Re: wrong ssl certificate used for login page

Yeah ok. But the QS proxy does have access to the SSL certificate. After logging in it uses that certificate and the browser is happy. It's only on the login page that the self-signed certificate is used. It's like it uses the right certificate for port 443 but still uses the self-signed certificate for port 4244. And this does not happen on another QS site we have. There the self-signed certificate is never presented to the users browser.


talk is cheap, supply exceeds demand
simon_minifie
Contributor III

Re: wrong ssl certificate used for login page

Hi Gysbert,

The SSL certificate is bound to port 443 which is why it's presented there.

If you want the same for the form login page, you will also need to bind it to 4244. You are specifying the port number in the URL, so you can't expect it to use the certificate bound to port 443.

best regards,

Simon

Re: wrong ssl certificate used for login page

So why does it work on my other qlik sense site?


talk is cheap, supply exceeds demand
simon_minifie
Contributor III

Re: wrong ssl certificate used for login page

Actually, that's a very good point. It should automatically bind to both ports.

Open up a command prompt on the server and have a look at the 'netsh http show sslcert'

The same certificate hash should be bound to 443 and 4244

Re: wrong ssl certificate used for login page

That's what I thought. But I when I checked the the self-signed certificate was (and is) bound to port 4244.


talk is cheap, supply exceeds demand
simon_minifie
Contributor III

Re: wrong ssl certificate used for login page

Ok, have you tried removing that binding and applying the signed certificate to it?

Community Browser