How I did it.
Received from domain CA certificate on the server. If not necessary to, I will describe how to do this.
further open the properties of the certificate, tab "details" option "Thumbprint"
and copied value as is, with spaces.
Open QMC in my server
Edit Proxy, check Security and paste value in "SSL browser sertificate thumbprint" with space.
Restart Qlik Sense Web Server.
I exactly followed the process above for installing a server SSL certificate (both with entering the thumbprint with and without spaces). After saving the thumbprint, connection is lost and I cannot connect to QMC anymore.
Firefox : "The connection was interrupted"
- How to rollback?
- How to find out what actually goes wrong?
Appreciate any suggestions
OK, I got my SSL certificate running by
1. stopping the qlik repository service,
2. installing my certificates on the windows server
3. entering the SSL browser certificate thumbprint in the proxy (with the whitespaces)
4. removing the qlik certificates
5. restart the qlik repository service (which re-installs the qlik certificates again)
I ended up getting things working again by running the query below directly in the Postgres database that Qlik Sense is using behind the scenes (note that I only had one server and there was only one row in the table).
update public."ProxyServiceSettings" set "SslBrowserCertificateThumbprint" = null
- Stop Qlik Sense Repository Service (this will also stop the other services)
- Applying an SSL Certificate to server
to apply an SSL Certificate to a Qlik Sense server
- Launch the MMC
- When the MMC opens go to File|Add/Remove Snap-in.
- Click on the Certificates snap-in on the left side list box and click the add button.
- Choose Computer account and click Next.
- Leave Local computer selected and click Finish.
- Click OK to go back to the MMC.
Then restart the server and running all qlik services and try again for more details please check this link
Hope it Work
I already installed the certificates, but the site still show the insecure legend when I tried to open from outside.
I saw the logs and I see this:
No private key found for certificate 'CN=xx.xxxxxxxxxxxx.com, OU=Domain Control Validated' (xxxxxxxxxxxxxxx)c3b9033e-xxxx-xxxx-xxxx-xxxxxxxxxxx
5 20170815T172713.730-0300 WARN XXXX Security.Proxy.Qlik.Sense.Communication.Security.CertSetup 7 d0297779-xxxx-xxxx-xxxx-b51b06a8db33
XXXX\QSADM Couldn't find a valid ssl certificate with thumbprint xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 0x d0297779-ea18-4521-870f-b51b06a8db33
6 20170815T172713.730-0300 WARN XXXX Security.Proxy.Qlik.Sense.Communication.Security.CertSetup 7 ea1a39dd-b87c-43c0-ad8c-492f9e14d305
XXXX\QSADM Reverting to default Qlik Sense SSLCertificate ea1a39dd-b87c-43c0-ad8c-492f9e14d305
7 20170815T172713.730-0300 INFO XXXX Security.Proxy.Qlik.Sense.Communication.Security.CertSetup 7 2fee8c35-1aaa-4f0f-9cac-a354854910cd
XXXX\QSADM Set certificate 'CN=xxxx.xxxxx.LOCAL' (8FA4393ECD334653A281886E4C3FA3D302A97F35) as SSL certificate presented to browser
Thats mean the certificated doesnt work and restored to the default one?
PS: I already added the site in the whitelist