Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
This is probably a long shot, but who knows. I'm deploying QlikView in a DMZ environment. We're using IIS as the webserver and have deployed only the "QlikView Settings Service" on the DMZ server. All the other services are sitting behind the firewall on another server. I am able to deploy the certificates to the webserver from the QMC sitting behind the firewall (went to the website, typed in the code, etc.).
The problem I'm having is that, once the certificates have been added, the QlikView Setting Service will no longer start. (Part of) the event log error is:
"Found multiple X.509 certificates using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindBySubjectDistinguishedName', FindValue 'CN=MYSERVERNAME'. Provide a more specific find value."
As the error message implies, the issue is that there are multiple certificates on the server that all have the same subject. As the search name is rather generic, it's looking for the name of the server, the search returns multiple certs. The other certificates are being used by other websites and applications that are hosted on the DMZ machine, so I cannot just remove them. Is there any way to make the search a little more specific? For example by modifying a .config file (maybe switching it to FindByThumbprint instead of FindBySubjectDistinguishedName)?
Any help/ideas would be appreciated.
Sounds like a bug!
I wonder if the QVWS would have the same issue - just as a test (although you may not be allowed install it).
Sorry that I can't be more helpful.
Stephen
Unfortunately installing QVWS is not an option. A ticket has been logged with support as well, so will follow up if this yields a useful answer. Currently the only workaround I see is deploying a separate box with IIS, which seems like a real waste.
No reply from support yet, but we managed to work around it by renaming the other certificates.
Hi,
What version are you running? Also, when you did the install did you select to manage? Certificate or Administrator group?
Bill
11.2 SR3, I'm using certificate authentication. We have everything working, the problem was that there were multiple certificates with the same subjects (used by different websites and applications on the server). The client ended up changing the subjects for those certificates.
I think it would be nice if the search for the certificate was done based on the fingerprint, instead of just the server name, but I can imagine that's way down on the feature request list
Might be worth you feeding that information to the Beta team. They may find it interesting.
Stephen
Actually just encountered this problem again. This might actually be a bigger risk than I first thought. We resolved this by renaming the certificates used by the other apps on the server. If in the future a new app is deployed that uses the same subject name (very likely, as it's just the machine name) then the QlikView Settings Service will be brought down. I would highly suggest switching to FindByThumbprint instead of FindBySubjectDistinguishedName.