A valid certificate with a Private Key is installed (according to How to change certificate for the Proxy). However, the certificate does not get recognized by the Proxy and the error Couldn't find a valid ssl certificate with thumbprint is printed in the Proxy Security logs.
The Certification Path for the certificate shows that the certificate is OK and the service account has full access to the private key and certificate store.
Cause
While the Qlik Sense certificates are all stored in the correct certificate store, the relevant CA (Certificate Authority) certificates may have been imported in the Personal store rather than the Trusted Root Certificate Authorities store.
Resolution
Verify that every single CA Authority in the Certificates trust chain is correctly imported as a "Trusted Root Certificate Authorities" certificate store. They may have been installed in the "Personal / Certificates" store instead.
If, for example, you are using a COMODO RSA Certificate, the COMODO RSA Certificate Authority Root Cert must be in the Trusted Root Certificate Authorities store.
Move the CA Root certificates to the correct folder and restart the Proxy service. If Certification Path is marked as not found after that, attempt re-importing the certificate while in the Personal store selecting the "automatic" placement of all certificates contained in the .pfx file.
Related Content:
Qlik Sense Hub and QMC with custom SSL certificate
How to: Change the certificate used by the Qlik Sense Proxy to a custom third party certificate
ERR_CERT_COMMON_NAME_INVALID when using 3rd party certificate
Qlik Sense: Compatibility information for third-party SSL certificates to use with HUB/QMC
Requirements for configuring Qlik Sense with SSL