Qlik Community



Qlik Sense: Compatibility information for third-party SSL certificates to use with HUB/QMC



A third-party certificate was configured in the Qlik Sense Proxy, but is not being used.
"The connection is not private" NET::ERR_CERT_COMMON_NAME_INVALID may be displayed on HUB access.


Qlik Sense all versions

Qlik Sense Enterprise uses self-signed and self-generated certificates to protect communication between services, as well as user web traffic to the Hub and QMC. It is possible to use a third-party issued SSL certificate to protect client web traffic, as using the self-signed certificate will cause a certificate warning to be displayed in the web browser (such as Google Chrome or Internet Explorer). Third-party certificates are not supported by Qlik.

If the third-party certificate for the Qlik Sense Proxy Service is not fully compatible with Qlik Sense, or it does not have the correct attributes and ciphers, the Qlik Sense Repository Service will revert to using the default certificates. The following error may occur in the Proxy Security logs:

Example:  C:\ProgramData\Qlik\Sense\Log\Proxy\Trace\HOSTNAME_Security_Proxy.txt

No private key found for certificate 'CN=qliksense.domain.com' ([CERTIFICATE THUMBPRINT HERE])
Couldn't find a valid ssl certificate with thumbprint [CERTIFICATE THUMBPRINT HERE]	
Reverting to default Qlik Sense SSLCertificate
Set certificate 'CN=qliksenseserver1.domain.com' ([CERTIFICATE THUMBPRINT HERE]) as SSL certificate presented to browser



In order for Qlik Sense Enterprise to correctly recognize the third-party certificate as valid, the certificate will have to meet the following requirements:

Note: Root and Intermediate CA certificates need to be correctly installed. Should any be missing, Qlik Sense proxy will not use the server certificate and will revert back to using the self-signed certificate instead.

Certificates that are known to work well with Qlik Sense have the following attributes:

  • Certificates that are X.509 version 3. More information, including filename extensions, is available at https://en.wikipedia.org/wiki/X.509
  • Use signature algorithm sha256RSA
  • Use signature hash algorithm sha256
  • Signed by a valid CA that is configured in the OS/browser
  • Are valid according to date restrictions (valid from/valid to)
  • Key in CryptoAPI format (not in CNG)
  • Note: The certificate itself has to contain the private key, no matter what Qlik Sense version.
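
The attributes listed above can be checked on the proxy node before the certificate's thumbprint is entered in the proxy settings. The following PowerShell is an added example, not Qlik tooling. It assumes the certificate is installed in the LocalMachine\My store and is run from an elevated Windows PowerShell session; the CNG test is a heuristic based on Microsoft's provider names in certutil output.

```powershell
# Added example: check one certificate against the attribute list above.
# Placeholder: replace with the thumbprint of the third-party certificate.
$Thumbprint = '[CERTIFICATE THUMBPRINT HERE]'

# Assumption: the certificate lives in the computer's Personal store.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate $Thumbprint in LocalMachine\My" }

# Build the chain in machine context. This fails when a root or
# intermediate CA certificate is missing or not trusted on this server.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust path only, no CRL/OCSP lookup
$chainOk = $chain.Build($cert)

# certutil prints the private key's provider. CNG keys are held by a
# "Key Storage Provider", CryptoAPI keys by a "Cryptographic Provider".
# Heuristic: third-party providers may not follow this naming.
$storeDump = certutil.exe -store My $Thumbprint | Out-String
$isCng = $storeDump -match 'Key Storage Provider'

$now = Get-Date
$checks = [ordered]@{
    'X.509 version 3'                     = $cert.Version -eq 3
    # OID 1.2.840.113549.1.1.11 = sha256RSA (SHA-256 hash with RSA signature)
    'Signature algorithm sha256RSA'       = $cert.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11'
    'Within valid from / valid to'        = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
    'Chain builds to a trusted CA'        = $chainOk
    'Private key present'                 = $cert.HasPrivateKey
    'Key held in CryptoAPI, not CNG'      = $cert.HasPrivateKey -and (-not $isCng)
}

# One row per requirement; any False row is a reason the proxy may
# fall back to the default self-signed certificate.
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Pass = $_.Value }
} | Format-Table -AutoSize

# Show why the chain failed, if it did (for example an untrusted root).
if (-not $chainOk) {
    $chain.ChainStatus | Select-Object Status, StatusInformation
}
```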

Last update: 2021-01-27 01:44 PM