Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
How to configure to use a new .pfx certificate for use with Qlik NPrinting Web Console and/or the NewsStand after converting it to the .key and .crt format
CNG-type certificates are not supported for use with NPrinting Server. See Requirements(help.qlik.com).
Items Needed:
Please review this information with your internal Certificate Authority or appropriate IT team that would provide the certificate and follow their guidelines if it differs from the steps here. If a new certificate cannot be issued for the Qlik NPrinting server, a workaround for the issue may be found under General: what does the certificate error(red cross) in browser mean and how to fix it.
All the steps below can be performed automatically with one click using a third-party tool called NPrinting Certificate Configurator, which can be downloaded from the Releases section. Keep in mind that Qlik does NOT support the 3rd party software mentioned and used in this documentation. Please use them at your own discretion and, if concerned, contact the proper IT team within your company to verify the ability to use non-Qlik related software in the environment.
Before proceeding to the following steps, you must first install Open SSL. See Installing OpenSSL.
3. Decrypt the .key file. Qlik NPrinting cannot have a passphrase on the .key file. Follow steps below to remove/decrypt the .key file. This is REQUIRED.
Test Command: openssl rsa -in C:\NPCerts\QS3.key -out C:\NPCerts\QS3.key
Example Command: openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]
Note: At this stage, we’re removing the pass phrase from the .key, unencrypting it for Qlik NPrinting to read it.
In the Test Command, we’re overwriting the same file in the command. This works, but if you want a separate copy of the encrypted and decrypted Key you’ll need to make them different file names or locations.
Restart the Qlik NPrinting Web Engine and check the nprinting_webengine.log to verify there’s no issues with new certificate information.
Note: The above is an example of a clean start of the Web Engine. Default location for those logs are located: "C:\ProgramData\NPrinting\Logs"
Verify that the certificate is being used in the browser.
Note: In this example, the certificate is correctly being presented to the browser under the URL of qlikserver3.domain.local. With this certificate, it’s the ONLY name that this certificate will trust.
Note: This is the result using the servername instead of the FQDN. You can access the URL, but it presents a “Not secure” message, but shows the correctly installed certificate. The reason for this is that the server recognizes the name, but the certificate only allows qlikserver3.domain.local. If you want multiple URL/Aliases, they need to be added in the certificate.
Securing the NPrinting Web Console with 3rd party certificates
The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.