Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
marcos_herrera
Partner - Creator III
Partner - Creator III

Qlik Sense mobile app login error

Hi Dear Qlik Community

I installed the new Qlik Sense mobile app for android and worked fine for me on a local network (Mobile Phone via WiFi and QlikSense Server on the same network),but when i try log on on the app but with a link generated by a QlikSense Server with public IP Address and my Mobile Phone with own internet not works, the Qlik Sense mobile app show me the error message "The certificate is not valid for https://public_ip_adress/. Please contact your administrator"

I tried the following steps to solve the problem, but not works

1) From QMC i generated and exported the QlikSense certificate with machine name IP public adress and then installed on Andriod Mobile Phone, i installed the certificates for both options (vpn and apss) and WiFi with name like to ip public adress

2) I tried to generate a new authenticacion link from QMC with HTTP but the Qlik Sense mobile app show me the error message "Server log in attempt failed"

In two cases HTTPS and HTTP the the server link is added well on Qlik Sense mobile app, but when i tried to connect, show me the error message mentioned

 

Thanks

Labels (1)
5 Replies
Vinay_Kapoor
Employee
Employee

Hi,

 

The certificate you exported from QMC likely does not match your deployed domain because you are most likely extracting the certificate that was shipped with QSE as default? You would need a certificate that is validated for your domain by someone like Verisign (or a similar CA).

Your error is likely generated by the network platform in Android that fails to validate the certificate and therefore does not allow the client to access the server (for your users' protection.

 

Regards,

Vinay

marcos_herrera
Partner - Creator III
Partner - Creator III
Author

Hi Vinay

Thanks for your answer, i have two questions related with your post:

 

  1. Why worked for me on a Local Netwotk (Mobile Phone and QlikSense Server on the same network) without installation of certificates ?
  2. I tried with another QlikSense server, this server are using an valid CA (internal) and i installed the Root CA certificate on my Android, then i connected with VPN and goes to HUB from Chrome and worked fine, the browser not showed me the certificate error and the URL has the green icon, but when i generated the authentication link and create the server connection on QlikSense Mobile App the connection show me the error message "The server could not be reached. Please verify that your device is connected to the internet" but the device are connected to internet and connected with VPN to customer Network, i can open the HUB via Chrome

 

MichaelRobertshaw
Former Employee
Former Employee

Certificate Trust problems are common with Mobile Devices. If you use an Internal CA, then the wisest way to distribute the Root CA to the mobile devices is using an Enterprise Mobility Management (EMM) or Mobile Device Management (MDM) tool such as VMware Workspace ONE (formerly AirWatch), MobileIron, or similar. 

When you configure any Client authentication link in the QMC, it should be aligned with the configuration of  the Qlik Proxy. If you have enabled HTTP then the Client authentication link could contain an IP Address; if you require HTTPS then the Client authentication link needs to be aligned with the name in the SSL Certificate that the Qlik Proxy is configured to use. 

Assuming you've solved the Certificate Trust problems you were having, and can access Qlik Sense from the Office successfully using a browser and Qlik Sense Mobile, then the next challenge is connectivity from Home using a VPN.

Device-level VPNs (eg Capsule Connect) "just work" because the app (browser or Qlik Sense Mobile) simply talk to the TCP stack and it routes traffic locally or through the VPN as required. Per App VPNs [particularly on iOS] behave differently. When activated, iOS (and maybe Android too) routes ALL traffic from that App to the VPN client, which [unless configured with Split Tunneling] will route that traffic to the VPN Gateway inside the firewalls. 

This is fine from a Browser (assuming the VPN supports HTML5 Websockets), but can interfere with the internal operation of Qlik Sense Mobile. 

Qlik Sense Mobile contains an embedded Browser, WebServer and on iOS it also includes the Qlik Sense Engine. Just like Qlik Sense Enterprise, these communicate over TCP, but a PerApp VPN may route the app-internal localhost (127.0.0.1) traffic through the VPN to nowheresville causing a Network Error to be displayed to the user when that traffic should have stayed on the device.

Qlik has documented the requirement for Split Tunneling for the AirWatch Tunnel VPN at help.qlik.com
If using any other VPN, you will have to confirm that: 

  1. the VPN supports Websockets (easily confirmed using a Browser)
  2. localhost traffic can be configured to bypass the VPN

It would be interesting if you can share what EMM and VPN technology your customer is using.

help4qv123
Creator II
Creator II

Hi Michael,

Can You help me in this issue.

We have set a reverse proxy sometime ago and was working fine. Now from past few months it is not working. The network team says the reverse proxy link is working fine. 

We now need some different way which can be set up for QS mobile , without using a reverse proxy. QS in hub works fine in laptop with internet and vpn. Since we dont have a vpn in mobile how can we make this work.

 

Could you please help me with this? I dont have much knowledge on Networking on how can be configured. 

MichaelRobertshaw
Former Employee
Former Employee

It seems worthwhile to investigate why the existing Reverse Proxy isn't behaving as expected.
First confirm that mobile browsers can still interact with Qlik Sense via the Proxy.
I've come across some customers recently where the Reverse Proxy was obstructing some HTTP Host Headers and then blocking connections from Qlik Sense Mobile.  This might be a new issue in Qlik Sense Mobile, but subtle reconfiguration of the Proxy Appliances to permit eg Port# in the Host Header enabled access.