1 Reply Latest reply: Sep 10, 2018 1:04 PM by Daniel Buraimo RSS

    Connecting to Qlik Enterprise via exported certificates with a JAVA client

    Daniel Buraimo

      Below are the steps I took to attempt to connect to my Qlik enterprise server


      1. Logged in to the server and exported the certificates (In both Windows format and PEM format)


      2. Created a keystore file with the keytool exe via command prompt with the following command

      "C:\Program Files (x86)\Java\jre1.8.0_181\bin\keytool.exe" -genkey  -alias qlik -keystore "C:\Program Files (x86)\Java\jre1.8.0_181\lib\security\keystore.jks"


      3. Imported the exported client.pem certificate into the keystore with the following command

      "C:\Program Files (x86)\Java\jre1.8.0_181\bin\keytool.exe" -keystore "C:\Program Files (x86)\Java\jre1.8.0_181\lib\security\keystore.jks" -importcert -alias qlikclient -file "C:\qlik_certs\client.pem"


      4. I then ran my test program and I got the below error. I can provide more detailed information if needed at your request


      Grizzly(2), fatal error: 46: General SSLEngine problem


      sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]

      Grizzly(2), SEND TLSv1.2 ALERT: fatal, description = certificate_unknown

      Grizzly(2), WRITE: TLSv1.2 Alert, length = 2

      Grizzly(2), fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: General SSLEngine problem


      javax.websocket.DeploymentException: SSL handshake has failed