1 Reply Latest reply: Sep 10, 2018 8:49 PM by Leslie Alphonso RSS

    Issue in SSL certificate import in qliksense server

    Sumanta Kumar Mandal

      Hi All,

       

      I followed below steps:


      1. Launch the MMC on the proxy node.

      2. In the MMC, open File > Add / Remove Snap-in....

      3. Select Certificates and click Add.

      4. Select Computer account, click Next, select Local computer and click Finish.

      5. In the MMC, open Certificates (Local Computer)/Personal.

      6. In the MMC, open Actions > All Tasks > Import....

      7. Browse to the certificate file provided by your CA.

      8. Follow the instructions on the screen to import the certificate, including the private key.

      9. Verify that the new certificate has been imported into Certificates (Local Computer) > Personal > Certificates and that it contains a private key.

      10.Double-click the Certificate > Certification Path and confirm it shows "This certificate is OK".

      11.You must make sure that the certificate is available for the service account that is running the Qlik Sense services. The best way to do this is to run the MMC as the service account and see if the certificate is visible in Personal > Certificates. If you are running services with local system, you can use a tool such as Psexec to run the MMC as local system and check that the certificate is available.

      12.Locating the certificate thumbprint

      13.In the MMC, right-click the imported certificate and select Open.

      14.On the Details tab, scroll down and select Thumbprint.

      15.Mark/highlight the thumbprint hash value and press CTRL+C to copy the hash value to the clipboard.

      16.Paste the hash value in a text editor and remove all the spaces.

      17.Configuring the proxy node

      18.Open the Qlik Management Console(QMC).

      19.Open Proxies.

      20.Select your proxy and click Edit.

      21.In Properties to the right, select Security.

      22.Scroll down and locate SSL browser certificate thumbprint in the Security section.

      23.Paste the thumbprint hash value for the new certificate (from the text editor).

      24.Click Apply.


      But still getting below error:

      pic.PNG

        • Re: Issue in SSL certificate import in qliksense server
          Leslie Alphonso

          Hi Sumantha,

           

          There are a couple of steps that you can attempt to resolve your issue. Please ensure you have adequate backups before following through with any changes.

           

          1. Check out the Security Log file on C:\ProgramData\Qlik\Sense\Log\Proxy\Trace. If there are any issues with the certificate, it rolls back to the default certificate.

          2. on the MMC - (local computer) - personal certificates, right click on the certificate file you installed and select All tasks -> Manage Private Keys. Add the Qlik service account (Account running all qlik services) and explicitly grant full control + Read permissions to the qlik service account

          3. You might not need to remove all spaces from the thumbprint value - however you do need to remove the first character if its not readable (paste it into a command prompt window to see the 'invisible" character).

          4. (If you cannot access the QMC at this stage to update the hash - you might have to use as postgres client to access the database and update the ssl thumbprint field in the ProxyServiceSettings table.

          5. Stop all Qlik services. Open a command prompt with admin privileges and run C:\Program Files\Qlik\Sense\Repository\repository.exe -bootstrap

          6. Start the Qlik services.

           

          regards,

          LA.