Installing SSL Certificate for Qlik Sense - Qlik Community

awqvuserneo · ‎2015-03-29

Hi folks,

This may not be directly related to Qlik Sense itself, but just wondering if you could help providing guidance on how to register SSL Certificate for Qlik Sense purposes?

We tried to input the thumbprint into QMC, we get the "website not secure" message. Since from QMC perspective it was simply putting the thumbprint from the certificate, if it is not working, I thought it could be because of the followings:

1. SSL certificate is not being registered properly

2. The server name attached to the certificate is not the same as the actual server name

3. Incorrect way to the install the certificate.

There was an article that some folks experiencing difficulties as well.. not sure if this refers to the same issue:

http://community.qlik.com/thread/144840

We get this SSL certificate registered via GoDaddy, and basically it has 2 types:

1. For IIS type, has 2 files: <filename>.crt & gd-g2_iis.intermediates.p7b

2. For other types of server: <filename>.crt & gd_bundled-g2-g1.crt

I assume for Qlik Sense, we would use the IIS-type. During the installation, I started with the *.crt, right-click the file, choose "Install Certificate" > Local Computer, & choosing automatic, the same with the gd-g2_iis.intermediates.p7b.

When I installed the gd-g2_iis.intermediates.p7b, I got the following message. Does this mean:

1. There was something wrong with certificate; or

2. I have conflicting certificate information which previously installed & need to be removed before installing this one?

3. Other reasons?

Lastly, how do you remove SSL certificate? Do you just go to mmc, add snap-in, and remove the entries there?

I really appreciate if you could help point it out/shared your experience / troubleshooting SSL certificate installation, etc.

Many many thanks in advance,

Anton

Report Inappropriate Content · ‎2015-03-30

Anton,

I think you may be adding a thumbprint from an incorrect cert. It looks like you have a GoDaddy root certificate which is fine, but this isn't a cert you would use to trust your site. It would be the cert for which the cert you received for your site from GoDaddy has a relationship with (as in it identifies and where your cert came from.)

The thumbprint you want to get would be from the certificate you received from GoDaddy that represents your site cert, not the root cert. This site cert (your cert) needs to have a private key attached to it when it is imported into Windows Cert Manager. Usually certs with private keys have an extension of .pfx. If you received a cert and a key from GoDaddy, then you need to use something like OpenSSL (Shining Light Productions - Win32 OpenSSL) to combine the cert and the key and then import it into the Cert Manager.

Note! Installing a cert is the same but different as importing. If you just double click a cert it's going to install where Windows thinks it should go. What you want to do is open up the certificate snap-in for the local machine and go to the Personal folder. Right click and go to All Tasks and choose import. Import your cert to this specific location. If after install two certs show up in this personal folder, the one WITHOUT the key is the root certificate. You can cut and paste this certificate into the Trusted Root Certificate Authorities\Certificates folder.

Now go back to the cert listed in the Personal\Certificates folder under local machine and get the thumbprint by double clicking the cert and scrolling to the bottom of the details. This is the thumbprint you want to enter into Qlik Sense.

After this, if you continue to have challenges with an https connection to the Qlik Sense server check the address you are entering into the url. It has to match the cert. For example, say your computer name is Sense but your cert is for Sense.CompanyX.com. In the address bar you have to navigate to Sense.CompanyX.com for your session to be trusted. What I've noticed is that this tends to work fine for the hub, but for whatever reason going to the qmc you have to enter with the Qlik Sense Hostname (listed under engines in the Configure section).

Hope this helps.

Jeff G

awqvuserneo · ‎2015-03-31

Hi Jeffrey,

Thank you very much for the detail information you provided. I suspect the issue that we're experiencing more towards the URL that comes with certificate could be different from what we type in the url (We have the url registered with cloudapp.net address - because it's hosted with Microsoft Azure), while the url that we (as user) typed in is more like https://Sense.CompanyX.com/hub. I will try this out and will post what I find within the next couple days.

Thank you again,

Anton

igorgois_ · ‎2017-11-06

im facing the same problem here...

my steps:

1- generate the .csr using openssl as said in the pdf here: Generating Certificate Signing Requests for Trusted Certificates

2- import .csr to godaddy to receive the .crt files (there are two: 1cc55b4bfa47af38.crt and gd_bundle-g2-g1.crt)

3- generate the .pfx file using openssl as said here: Create a .pfx/.p12 certificate file using OpenSSL - SSL.com‌ ps: i used the two crt files. The 1cc55b4bfa47af38.crt as -in parameter and gd_bundle-g2-g1.crt as the -certfile optional parameter

4- imported the .pfx file as said here: https://support.aginic.com/support/solutions/articles/14000031148-applying-an-ssl-certificate-to-qli...

5- At this moment, 4 certificates showed up. I moved the Root certificate to Trusted Root Certificate Authorities\Certificates folder as you said.

6- Copied the thumprint into proxies in qmc and restart qmc

7-Tried to access the sevrer using https: and get the error:

NET::ERR_CERT_COMMON_NAME_INVALID

Could you help me?

danielriosb · ‎2019-06-19

@igorgois_ did you fix it?

igorgois_ · ‎2019-07-08

yes...

look at:

https://community.qlik.com/t5/Qlik-Sense-Deployment-Management/install-ssl-certificate-from-go-daddy...