Qlik Sense on Windows: Setup Database Traffic Encryption
Disclaimer: Encrypted communication between the PostgreSQL database and Qlik Sense services is a supported setup. This article provides general guidance on how to enable encryption on the PostgreSQL database server, but local adjustments must be applied to comply with local IT requirements. Please be aware that Qlik Support cannot help with setting up Database Traffic Encryption, while Qlik Consulting Services may be utilized for deployment implementation.
Qlik Sense supports database traffic encryption using SSL/TLS, but it is not enabled by default. The Qlik Sense installer cannot use SSL encryption for establishing a connection to PostgreSQL. When SSL encryption is enabled, the installer does not recognize any already installed PostgreSQL databases, and as a consequence, installation cannot be completed. Password security and local IT policy around certificates need to be considered before enabling database encryption, as the implementation includes manual configuration of the Qlik Sense deployment.
Qlik recommends that the configuration in this section is performed by someone with sufficient skills in PostgreSQL database configuration.
This article covers two scenarios for enabling Database Traffic Encryption:
1. PostgreSQL database installed locally with the Qlik Sense installer
2. Qlik Sense referred to the existing database during installation
Qlik Sense Enterprise on Windows, all versions
Note 1: The Qlik Sense installer cannot use SSL encryption for establishing a connection to PostgreSQL, so any upgrade will fail while encryption is enabled. Prior to upgrading, disable the encryption. You can enable it again after the upgrade is complete.
Note 3: Always take a complete backup of the Qlik Sense deployment before altering system configuration, to allow restoring a working state in case of disaster.
These scenarios apply the default Qlik Sense signed certificate to encrypt traffic for a PostgreSQL database. The Qlik Sense signed certificate is commonly only fully trusted by Qlik Sense nodes, which means other usage may not comply with local IT policies. It is recommended that a fully trusted certificate is used when applying encrypted database traffic for production environments. Consult the local IT department for details on how to retrieve a fully trusted certificate.
1. PostgreSQL database installed locally with the Qlik Sense installer
This scenario assumes a standard Qlik Sense installation, where the Qlik Sense Repository Database is installed on the Qlik Sense central node as part of the Qlik Sense installation.