Skip to main content
Qlik Resources

Replacing the self-signed certificate on Windows

The instructions below are intended for organizations who wish to replace the self-signed certificate generated by the Compose Server on Windows with their own certificate. The process, which is described below, involves removing the self-signed certificate and then importing the new certificate.

See also Setting up HTTPS for the Compose console.

Before starting, make sure that the following prerequisites have been met:

  • The replacement certificate must be a correctly configured SSL PFX file containing both the private key and the certificate.
  • The common name field in the certificate must match the name browsers will use to access the machine.

To remove the self-signed certificate created by Qlik Compose:

  1. Stop the Qlik Compose service.
  2. Open a command prompt (using the "Run as administrator" option) and change the path to the Compose bin directory. The default path is C:\Program Files\Qlik\Compose\bin.

  3. Run the following command:

    composeCtl.exe certificate clean

To import your own certificate:

  1. Run mmc.exe to open the Microsoft Management Console.

  2. From the File menu, select Add/Remove Snap-in. The Add or Remove Snap-ins window opens.

  3. In the left pane, double-click Certificates. The Certificates snap-in wizard opens.

  4. Select Computer account and then click Next.
  5. In the Select Computer screen, make sure that Local computer is selected and then click Finish.
  6. Click OK to close the Add or Remove Snap-ins window.
  7. In the left pane, expand the Certificates folder. Then, right-click the Personal folder and select All Tasks > Import.
  8. In the File to Import screen, select your PFX certificate file. Note that by default the Open window displays CER files. In order to see your PFX files, you need to select Personal Information Exchange from the drop-down list in the bottom right of the window.
  9. Click Next and enter the private key password.
  10. Continue clicking Next until you reach the Completing the Certificate Import Wizard screen. Then click Finish to exit the wizard.

  11. In the Personal > Certificates folder, double-click the newly imported certificate. The Certificate window opens.

  12. Scroll down the Details tab until you see the Thumbprint details and copy them to the clipboard.

  13. Open a command prompt and run the following commands:

    Syntax:

    ¢ netsh http add sslcert ipport=0.0.0.0:443 certhash=[YOUR_CERTIFICATE_THUMBPRINT_WITHOUT_SPACES] appid={4dc3e181-e14b-4a21-b022-59fc669b0914}

    Example:

    netsh http add sslcert ipport=0.0.0.0:443 certhash=5f6eccba751a75120cd0117389248ef3ca716e61 appid={4dc3e181-e14b-4a21-b022-59fc669b0914}

    Syntax:

    ¢ netsh http add sslcert ipport=[::]:443 certhash=[YOUR_CERTIFICATE_THUMBPRINT_WITHOUT_SPACES] appid={4dc3e181-e14b-4a21-b022-59fc669b0914}

    Example:

    netsh http add sslcert ipport=[::]:443 certhash=5f6eccba751a75120cd0117389248ef3ca716e61 appid={4dc3e181-e14b-4a21-b022-59fc669b0914}

  14. Close the command prompt and Microsoft Management Console.
  15. Start the Qlik Compose service.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here