Creating an SSL certificate for the Qlik Web Connectors
When you enable SSL authentication in the Qlik Web Connectors, you must configure the Qlik Web Connectors port with an SSL certificate. If you do not configure the port with an SSL certificate and SSL authentication is enabled, the Qlik Web Connectors will not run. There are four steps to create and configure an SSL certificate.
Prerequisites
By default, user SSL encryption is set to false. Before you set up SSL authentication, set SSL encryption to true.
Creating a certificate authority
You can create a certificate authority from the Windows PowerShell.
Do the following:
-
Open the Windows PowerShell as an administrator.
-
Enter the following command:
New-SelfSignedCertificate -Type Custom -DnsName "Your host name" -FriendlyName "QWC" -NotAfter([DateTime]::Now.AddYears(5)) -KeyLength 4096 -HashAlgorithm SHA512 -CertStoreLocation "cert:\LocalMachine\My"
Replace the -DnsName "your host name" with your host name.
Warning noteThe example above works with Windows Server 2016 and Windows 10. If you are using another version of WIndows, see the New-SelfSignedCertificate documentation as the parameters may not be the same for different versions.
Information noteYou might also need to change the host name in the deploy.config file. Open the file in a text editor and set the host name override vale to the same host name you use to create the certificate authority.
<HostnameOverride>"your host name"</HostnameOverride>
To learn more about the deploy.config file, see Editing deploy.config
-
Run the command.
Trusting the certificate authority
You trust the certificate authority from the Microsoft Management Console.
Do the following:
-
Open the Microsoft Management Console by typing MMC in the WIndows search menu.
-
Click File and then select Add/Remove Snap-in....
The Add or Remove Snap-ins dialog opens.
- From the Available snap-ins menu, select Certificates.
-
Click Add >.
A Certificates snap-in dialog opens.
- Select Computer account and click Next.
-
Select the computer you want the snap-in to manage and then click Finish.
The certificate should appear in the Selected snap-ins menu.
- Click OK.
-
Move the certificate from Personal > Certificates to Trusted Root Certification Authorities > Certificates.
Binding the certificate to the port
You need to bind the certificate to the port that the Qlik Web Connectors runs on. By default, this is port 5555. If you have changed the port in the deploy.config file, then use that port number.
Do the following:
-
Open the Windows Command Prompt and run as administrator.
-
Verify that there is no other certificate bound to this port.
Enter the following command:
netsh http show sslcert ipport=0.0.0.0:5555
-
If there is an existing certificate, you can delete it by entering the following command:
netsh http delete sslcert ipport=0.0.0.0:5555
Repeat step 2 to verify that you have deleted the certificate.
-
To bind the certificate to the port, enter the following command:
netsh http add sslcert ipport=0.0.0.0:5555 certstorename=Root certhash=71201e38c23ce97865da89db395944db2452197f appid={004FC337-C805-4623-8E5B-B2FCE18F0719}
Information noteReplace the certhash value with the thumbprint that you copied earlier.
If the command is successful, you will see this message:
SSL Certificate successfully added.
If after binding the certificate to the port you still cannot open the Qlik Web Connectors, see: Troubleshooting Qlik Web Connectors installation
Installing the certificate authority on other machines
Other users that connect to the Qlik Web Connectors need to have the same certificate installed on the machine they use to access the Qlik Web Connectors.
Do the following:
- Open the Microsoft Management Console by typing MMC in the WIndows search menu.
- In the Console Root, go to Trusted Root Certification Authorities > Certificates.
-
Right-click on the certificate that you created, then select All tasks > Export.
Follow the instructions in the Certificate Export Wizard.
- On the other machine, open the Microsoft Management Console.
- In the Console Root, go to Trusted Root Certification Authorities.
-
Right-click on Certificates, then select All tasks > Import.
Follow the instructions in the Certificate Import Wizard.
When you open the Qlik Web Connectors after adding certificates, you may need to configure the browser.
Firefox: add an Exception the first time you browse to the site.
For Safari on IOS device: opt to trust the site/certificate the first time you visit it.