[ERROR] Fatal exception during bootstrap: Newly created client certificate not valid; root certificate can't sign new certificates; see logs at Qlik.Sense.Communication.Security.CertSetup.ThrowAndLogFatalRootError(String msg) at Qlik.Sense.Common.Security.SecuritySetup.SetupCA(String externalRootCertThumbprint, ICipherAlgorithm secretsAlgorithm, Boolean forceNewSetup) at Repository.Core.Bootstrap.BootstrapHandler.Install(BootstrapState bootstrapState) at Repository.Core.Bootstrap.BootstrapHandler.Bootstrap(BootstrapState bootstrapState) at Repository.QRSMain.Bootstrap() at Repository.QRSMain.Main() Bootstrap mode has terminated. Press ENTER to exit..
Other errors in the Qlik Sense Logs include:
Certificates are not correctly installed
20201022T144326.598+0200 ERROR APP03 Security.Repository.Qlik.Sense.Communication.Security.Certificates.CertUtil 44 c0cde05d-6354-46fb-a249-d7de93aad09c HELD-W2K\QlikService When accessing certificate store (loc:LocalMachine, name:Root):
Duplicate or invalid root certificates are not allowed;
Waiting for certificates and hostname
WARN APP03 Security.Printing.Qlik.Sense.Communication.Security.Certificates.CertValidator 4 886518e5-f503-418c-b441-094d4ed4fc2f HELD-W2K\QlikService Certificate 'CN=QlikClient' (D24E4965A56C5D0764E9B5255670F38B01F8D9EF) is invalid because it was not signed correctly by 886518e5-f503-418c-b441-094d4ed4fc2f
Qlik Sense Enterprise, all versions
This issue is caused by access issues when attempting to access/recreate the certificates and/or other GPOs that affect certificates.
A GPO is in place which enforces duplication of the hostname-CA certificate.
A GPO is in place which prevents the creation of a new certificate.
It may also be possible that access to the certificate is not granted. In which case the following may help: