Qlik Community

QlikView Security & Governance

Discussion Board for collaboration on QlikView Security and Governance.

Announcements

Breathe easy -- you now have more time to plan your next steps with Qlik!
QlikView 11.2 Extended Support is now valid through December 31, 2020. Click here for more information.

Not applicable

question about using certificates to secure web services communication

I am currently trying to use certifcates to secure the communication between qlikview services. From what I understand, this is needed to have a secure communication if the services are not all located on the same domain. However this should not be needed for communication between the qv management service and services located on the same server.

The documentation seems to imply that:

1) Once certificates are used, they are used for communication between all services.

2) Certficates should only be used when services are not on the same server as QMS.

This kind of confuses me....

For example, suppose a first server hosts: QMS, DSC, QDS and QVWS services while another server hosts the QVS service. Is it possible to keep the communication between services on the first server using windows authentication while requiring ssl for the exchange between QVS and QMS?

1 Solution

Accepted Solutions
flp
Not applicable

Re: question about using certificates to secure web services communication

So using certificates is a all or nothing approach. If you change to use certificates all services are authorized to communicate using certificates. In more detail, the certificates are not bound to a service but to a machine. So in the scenario that you run more than one service on a machine they will use this servers certificate to authorize the communication.

So it is possible to run all services on one machine and still use certificates but from a security perspective there is no benefit of doing it.

So in a scenario where you have two machines and choose certificates these are used to make sure that the services that try to connect are authorized to do so independent if they are running on the same machine or an other host.

But to remember is that the QVAdministrators group is still used to authorize people on the server running the QMS to get access to the QMC.

I hope this answers your question.

2 Replies
Support
Support

Re: question about using certificates to secure web services communication

Hi,

That is an interesting question and I am not sure. However, I would think it is all or none. I don't think the the QMS can be setup for both. Now if you look at the QEMC you will see it talks to the QVS using the QVP protocol which is RSA 128.

Bill

Bill - Designated Support Engineer at Qlik
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.
flp
Not applicable

Re: question about using certificates to secure web services communication

So using certificates is a all or nothing approach. If you change to use certificates all services are authorized to communicate using certificates. In more detail, the certificates are not bound to a service but to a machine. So in the scenario that you run more than one service on a machine they will use this servers certificate to authorize the communication.

So it is possible to run all services on one machine and still use certificates but from a security perspective there is no benefit of doing it.

So in a scenario where you have two machines and choose certificates these are used to make sure that the services that try to connect are authorized to do so independent if they are running on the same machine or an other host.

But to remember is that the QVAdministrators group is still used to authorize people on the server running the QMS to get access to the QMC.

I hope this answers your question.