I installed the new Qlik Sense mobile app for android and worked fine for me on a local network (Mobile Phone via WiFi and QlikSense Server on the same network),but when i try log on on the app but with a link generated by a QlikSense Server with public IP Address and my Mobile Phone with own internet not works, the Qlik Sense mobile app show me the error message "The certificate is not valid for https://public_ip_adress/. Please contact your administrator"
I tried the following steps to solve the problem, but not works
1) From QMC i generated and exported the QlikSense certificate with machine name IP public adress and then installed on Andriod Mobile Phone, i installed the certificates for both options (vpn and apss) and WiFi with name like to ip public adress
2) I tried to generate a new authenticacion link from QMC with HTTP but the Qlik Sense mobile app show me the error message "Server log in attempt failed"
In two cases HTTPS and HTTP the the server link is added well on Qlik Sense mobile app, but when i tried to connect, show me the error message mentioned
The certificate you exported from QMC likely does not match your deployed domain because you are most likely extracting the certificate that was shipped with QSE as default? You would need a certificate that is validated for your domain by someone like Verisign (or a similar CA).
Your error is likely generated by the network platform in Android that fails to validate the certificate and therefore does not allow the client to access the server (for your users' protection.
Thanks for your answer, i have two questions related with your post:
Why worked for me on a Local Netwotk (Mobile Phone and QlikSense Server on the same network) without installation of certificates ?
I tried with another QlikSense server, this server are using an valid CA (internal) and i installed the Root CA certificate on my Android, then i connected with VPN and goes to HUB from Chrome and worked fine, the browser not showed me the certificate error and the URL has the green icon, but when i generated the authentication link and create the server connection on QlikSense Mobile App the connection show me the error message "The server could not be reached. Please verify that your device is connected to the internet" but the device are connected to internet and connected with VPN to customer Network, i can open the HUB via Chrome
Certificate Trust problems are common with Mobile Devices. If you use an Internal CA, then the wisest way to distribute the Root CA to the mobile devices is using an Enterprise Mobility Management (EMM) or Mobile Device Management (MDM) tool such as VMware Workspace ONE (formerly AirWatch), MobileIron, or similar.
When you configure any Client authentication link in the QMC, it should be aligned with the configuration of the Qlik Proxy. If you have enabled HTTP then the Client authentication link could contain an IP Address; if you require HTTPS then the Client authentication link needs to be aligned with the name in the SSL Certificate that the Qlik Proxy is configured to use.
Assuming you've solved the Certificate Trust problems you were having, and can access Qlik Sense from the Office successfully using a browser and Qlik Sense Mobile, then the next challenge is connectivity from Home using a VPN.
Device-level VPNs (eg Capsule Connect) "just work" because the app (browser or Qlik Sense Mobile) simply talk to the TCP stack and it routes traffic locally or through the VPN as required. Per App VPNs [particularly on iOS] behave differently. When activated, iOS (and maybe Android too) routes ALL traffic from that App to the VPN client, which [unless configured with Split Tunneling] will route that traffic to the VPN Gateway inside the firewalls.
This is fine from a Browser (assuming the VPN supports HTML5 Websockets), but can interfere with the internal operation of Qlik Sense Mobile.
Qlik Sense Mobile contains an embedded Browser, WebServer and on iOS it also includes the Qlik Sense Engine. Just like Qlik Sense Enterprise, these communicate over TCP, but a PerApp VPN may route the app-internal localhost (127.0.0.1) traffic through the VPN to nowheresville causing a Network Error to be displayed to the user when that traffic should have stayed on the device.
Qlik has documented the requirement for Split Tunneling for the AirWatch Tunnel VPN at help.qlik.com If using any other VPN, you will have to confirm that:
the VPN supports Websockets (easily confirmed using a Browser)
localhost traffic can be configured to bypass the VPN
It would be interesting if you can share what EMM and VPN technology your customer is using.