Qlik Community

Knowledge

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Announcements
QlikWorld happening right now! You can still join: REGISTER NOW

Qlik Sense on Windows: Setup Database Traffic Encryption

cancel
Showing results for 
Search instead for 
Did you mean: 
Bastien_Laugiero

Qlik Sense on Windows: Setup Database Traffic Encryption

Disclaimer: Encrypted communication between PostgreSQL database and Qlik Sense services is a supported setup. This article provides general guidance on how to enable encryption on PostgreSQL database server, but local adjustment must be applied to comply with local IT requirements.Please be aware that Qlik Support can not help setting up Database Traffic Encryption, while Qlik Consulting Services may be utilized for deployment implementation. 

Qlik Sense supports database traffic encryption using SSL/TLS, but it is not enabled by default. The Qlik Sense installer cannot use SSL encryption for establishing a connection to PostgreSQL. When SSL encryption is enabled, the installer does not recognize any already installed PostgreSQL databases, and as a consequence, installation cannot be completed. Password security and local IT policy around certificate need to be considered before enabling database encryption, as the implementation includes manual configuration of the Qlik Sense deployment.

Qlik recommends that the configuration in this section is performed by someone with sufficient skills in PostgreSQL database configuration.

This article covers two scenarios  of enabling Database Traffic Encryption;

  1. PostgreSQL database installed locally with the Qlik Sense installer
  2. Qlik Sense referred to the existing database during installation 

Environment:

  • Qlik Sense Enterprise on Windows, all versions

 

Note 1: The Qlik Sense installer cannot use SSL encryption for establishing a connection to PostgreSQL. So any upgrades will fail. Prior to upgrading, disable the encryption. You can enable it again after the upgrade is complete.

Source and more information on Note 1: Unable to upgrade Qlik Sense with missing 'SenseServices', 'QSMQ', and 'Licenses' database for respe...

Note 2: If Centralized Logging is enabled in the environment, it may stop functioning once encryption is enabled. See Qlik Sense Logging Service does not have support for SSL Database traffic encryption.

Note 3: Always take a complete backup of Qlik Sense deployment before altering system configuration, to allow restoring a working state in case of disaster. 

These scenario apply the default Qlik Sense signed certificate to encrypt traffic for a PostgreSQL database. Qlik Sense signed certificate is commonly only fully trusted by Qlik Sense nodes, which means other usage may not comply with local IT policies.  It is recommended that a fully trusted certificate is used when applying encrypted database traffic for production environments. Consult local IT department for details on how to retrieve a fully trusted certificate. 

1. PostgreSQL database installed locally with the Qlik Sense installer 

This scenario assumes a standard Qlik Sense installation, where Qlik Sense Repository Database is installed on the Qlik Sense central node as part of the Qlik Sense installation. 

2. Qlik Sense referred to existing database during installation 

This scenario assumes a custom Qlik Sense installation, where Qlik Sense is configured to use a dedicated PostgreSQL database as its Repository Database. 

Labels (1)
Version history
Last update:
‎2020-11-09 07:58 AM
Updated by:
Contributors