The whole world is changed to use only a secure http connection, why keep up with global trends?
In manufacture using so powerful Qlik server that there is no difference between http and https.
In any case, you enable access to the server via http check option "Allow http" in proxy settings https:Yourhost/qmc/proxies
Did you figure out a way to disable SSL? Setting the app to "use both" also required opening ports 4848, 4244, and 4248 in addition to 80 in the network appliance.
FYI, It's common for SSL/TLS to be managed by more robust network appliances which do load balancing and firewall tasks. Can you imagine managing every single server's firewall configuration individually? Especially if you have 100 machines in your VPC. Yuk. Centralizing TLS and Firewall greatly simplifies key management and scaling as well as interconnectivity inside the intranet (VPC).
This is called SSL offloading and is actually a pretty neat feature of the NetScaler. Basically, you shift all of the processing required for SSL encryption off of your application/web server and onto the NetScaler, which has dedicated resources for this task. It's pretty slick.
The amount of resources that your system requires to handle SSL transactions ultimately depends on the volume of traffic you're processing. So yes, it's really true that it requires more hardware/processing power.....but how much is dependent upon your environment.
On the Quick Installation Guide - page 8 - it lists deactivating HTTPS as a post-installation step in the management console proxy settings interface. It refers to the following topic on the help site for more info: Administering Qlik Sense > Managing a Qlik Sense site > Configuring Qlik Sense > Configuring security > Changing proxy certificate
Unfortunately I don't see where in the screenshots it has anything about 'deactivating' HTTPS; it only shows the option to allow HTTP. So I'm not entirely sure where this is done.
Hi Josh and Joe,
You are of course both correct. We do also have a NetScaler appliance and our networks and server team strongly advise the BI-team to use NetScaler for HTTPS security.
I have not found any way to disable HTTPS, but I assume I could just block the HTTPS traffic in the firewall or something.
Did any of you successfully set up NetScaler together with QlikView Server or Qlik Sense server?
Our idea is to force all traffic to Sense Server to go through the NetScaler-appliance and use Header authentication, but we haven't gotten around to complete the setup yet.
Thanks for sharing any experiences and tips and tricks!
Depending on your NetScaler setup you might have to enable websocket support otherwise it will drop your requests.
You most likely also want to add the NetScaler domain/primary hostname to the white list in QMC, just in case they alter the origin header in the request. We check every incoming websocket request against the whitelist to ensure that no unauthorized inbound traffic occurs.
I'm not sure if you can turn off SSL support, then again just block it in the firewall. If you have no incoming connections the server won't use resources to de-code/encode SSL traffic.
All Qlik Sense Client files is set up to respect your domain and protocol, so serving up the client and hub over http and it will never request a resource over https.