What I understand is when a request is made from browser to Qlik Sense, it checks for the Proxy SSL certificate if it is not available or access is not allowed then it will use the self signed certificate.
What you think on this.
If this is the case then Help site says below.
When editing a proxy certificate as a user without admin privileges, you need to run the repository in bootstrap mode before the changes take effect.
Yeah ok. But the QS proxy does have access to the SSL certificate. After logging in it uses that certificate and the browser is happy. It's only on the login page that the self-signed certificate is used. It's like it uses the right certificate for port 443 but still uses the self-signed certificate for port 4244. And this does not happen on another QS site we have. There the self-signed certificate is never presented to the users browser.