Creating an SSL certificate for the Qlik Web Connectors

When you enable SSL authentication in the Qlik Web Connectors, you must configure the Qlik Web Connectors port with an SSL certificate. If you do not configure the port with an SSL certificate and SSL authentication is enabled, the Qlik Web Connectors will not run. There are four steps to create and configure an SSL certificate.

Prerequisites

By default, user SSL encryption is set to false. Before you set up SSL authentication, set SSL encryption to true.

Enable SSL encryption.

Creating a certificate authority

You can create a certificate authority from the Windows PowerShell.

Do the following:

  1. Open the Windows PowerShell as an administrator.

  2. Enter the following command:

    New-SelfSignedCertificate -Type Custom -DnsName "Your host name" -FriendlyName "QWC" -NotAfter([DateTime]::Now.AddYears(5)) -KeyLength 4096 -HashAlgorithm SHA512 -CertStoreLocation "cert:\LocalMachine\My"

    Replace the -DnsName "your host name" with your host name.

    Warning:

    The example above works with Windows Server 2016 and Windows 10. If you are using another version of WIndows, see the New-SelfSignedCertificate documentation as the parameters may not be the same for different versions.

    Note:

    You might also need to change the host name in the deploy.config file. Open the file in a text editor and set the host name override vale to the same host name you use to create the certificate authority.

    <HostnameOverride>"your host name"</HostnameOverride>

    To learn more about the deploy.config file, see Editing deploy.config

  3. Run the command.

    The PowerShell window after you run the command. The certificate thumbprint is underlined.
Tip: Copy the thumbprint to your clipboard as you will need to use this value later.

Trusting the certificate authority

You trust the certificate authority from the Microsoft Management Console.

Do the following:

  1. Open the Microsoft Management Console by typing MMC in the WIndows search menu.

  2. Click File and then select Add/Remove Snap-in....

    The Add or Remove Snap-ins dialog opens.

  3. From the Available snap-ins menu, select Certificates.
  4. Click Add >.

    A Certificates snap-in dialog opens.

  5. Select Computer account and click Next.
  6. Select the computer you want the snap-in to manage and then click Finish.

    The certificate should appear in the Selected snap-ins menu.

    The Add or Remove Snap-ins menu after adding the Certificates snap-in.
  7. Click OK.
  8. Move the certificate from Personal > Certificates to Trusted Root Certification Authorities > Certificates.

    The MMC showing the newly created certificate in Personal Certificates. You need to move this certificate into the Trusted Root Certification Authorities certificates folder.

Binding the certificate to the port

You need to bind the certificate to the port that the Qlik Web Connectors runs on. By default, this is port 5555. If you have changed the port in the deploy.config file, then use that port number.

Do the following:

  1. Open the Windows Command Prompt and run as administrator.

  2. Verify that there is no other certificate bound to this port.

    Enter the following command:

    netsh http show sslcert ipport=0.0.0.0:5555

  3. If there is an existing certificate, you can delete it by entering the following command:

    netsh http delete sslcert ipport=0.0.0.0:5555

    Repeat step 2 to verify that you have deleted the certificate.

  4. To bind the certificate to the port, enter the following command:

    netsh http add sslcert ipport=0.0.0.0:5555 certstorename=Root certhash=‎71201e38c23ce97865da89db395944db2452197f appid={004FC337-C805-4623-8E5B-B2FCE18F0719}

    Note: Replace the certhash value with the thumbprint that you copied earlier.

If the command is successful, you will see this message: 

SSL Certificate successfully added.

If after binding the certificate to the port you still cannot open the Qlik Web Connectors, see: Troubleshooting Qlik Web Connectors installation

Installing the certificate authority on other machines

Other users that connect to the Qlik Web Connectors need to have the same certificate installed on the machine they use to access the Qlik Web Connectors.

Do the following:

  1. Open the Microsoft Management Console by typing MMC in the WIndows search menu.
  2. In the Console Root, go to Trusted Root Certification Authorities > Certificates.
  3. Right-click on the certificate that you created, then select All tasks > Export.

    Follow the instructions in the Certificate Export Wizard.

  4. On the other machine, open the Microsoft Management Console.
  5. In the Console Root, go to Trusted Root Certification Authorities.
  6. Right-click on Certificates, then select All tasks > Import.

    Follow the instructions in the Certificate Import Wizard.

Note:

When you open the Qlik Web Connectors after adding certificates, you may need to configure the browser.

Firefox: add an Exception the first time you browse to the site.

For Safari on IOS device: opt to trust the site/certificate the first time you visit it.

Did this information help you?

Thanks for letting us know. Is there anything you'd like to tell us about this topic?

Can you tell us why it did not help you and how we can improve it?