Skip to main content

Setting up HTTPS for the Compose for Data Warehouses console

ON THIS PAGE

Setting up HTTPS for the Compose for Data Warehouses console

Industry-standard security practices dictate that web user interface for enterprise products must use secure HTTP (HTTPS). Qlik Compose for Data Warehouses enforces the use of HTTPS and will not work if HTTPS is configured incorrectly.

As Compose for Data Warehouses uses the built-in HTTPS support in Windows, it relies on the proper setup of the Windows machine it runs on to offer HTTPS access. In most organizations, the IT security group is responsible for generating and installing the SSL server certificates required to offer HTTPS. It is strongly recommended that the machine on which Compose for Data Warehouses is installed already has a valid SSL server certificate installed and bound to the default HTTPS port (443).

Checking if an SSL certificate is installed

To check whether an SSL certificate is installed, you can use the following command:

netsh http show sslcert | findstr /c:":443 "

If an SSL certificate is installed, the output should look like this:

netsh http show sslcert | finds

tr /c:":443 "

IP:port : 192.168.1.13:443

IP:port : 192.168.1.11:443

IP:port : [fe80::285d:599c:4a55:1092%11]:443

IP:port : [fe80::3d0e:fb1c:f6c3:bc52%23]:443

With a valid SSL certificate installed, the Qlik Compose for Data Warehouses web user interface will automatically be available for secure access from a web browser using the following URL:

https://<ComputerName>/attunitycompose_datawarehouses/

Where <ComputerName> is the name or IP address of the computer on which Compose for Data Warehouses is installed.

Using the self-signed certificate

Due to the way the HTTPS protocol works, there is no way for Compose for Data Warehouses to automatically provide and install a valid SSL server certificate. Still, in the event that no SSL server certificate is installed, Compose for Data Warehouses automatically generates and installs a self-signed SSL server certificate (as a temporary measure). This certificate is generated on the Compose for Data Warehouses machine and cannot be exported or used elsewhere.

It should be noted that browsers do not consider the certificate to be valid because it was not signed by a trusted certificate authority (CA). When connecting with a browser to a server that uses a self-signed certificate, a warning page is shown such as this one in Chrome:

Certificate error warning in Google Chrome

Or this one in Firefox:

Certificate error warning in Mozilla Firefox

The warning page informs you that the certificate was signed by an unknown certificate authority. All browsers display a similar page when presented with a self-signed certificate. If you know that the self-signed certificate is from a trusted organization, then you can instruct the browser to trust the certificate and allow the connection. Instructions on how to trust the certificate vary between browsers and even between different versions of the same browser. If necessary, refer to the help for your specific browser.

Note:

Some corporate security policies prohibit the use of self-signed certificates. In such cases, it is incumbent upon the IT Security department to provide and install the appropriate SSL server certificate (as is the practice with other Windows products such as IIS and SharePoint). If a self-signed certificate was installed and needs to be removed, then the following command can be used:

composeCtl.exe certificate clean

Note that after the self-signed certificate is deleted, connections to the Qlik Compose for Data Warehouses machine will not be possible until a valid server certificate is installed. Should you want to generate a new self-signed certificate (to replace the deleted certificate), simply restart the Qlik Compose for Data Warehouses service.