Skip to main content

Replacing the self-signed certificate on Windows

The instructions below are intended for organizations who wish to replace the built-in self-signed certificate automatically generated by the Enterprise Manager UI Server on Windows with their own certificate. This is achieved by removing the self-signed certificate and then importing the new certificate.

See also Setting up HTTPS for the Enterprise Manager console.

Before starting, make sure that the following prerequisites have been met:

  • The replacement certificate must be a correctly configured SSL PFX file containing both the private key and the certificate.
  • The common name field in the certificate must match the URL name that browsers will use to access the Enterprise Manager Console.
  • The Certificate Subject Alternative Name must match the URL name that browsers will use to access the Enterprise Manager Console.
  1. Stop the Qlik Enterprise Manager service.
  2. Open a command prompt (using the "Run as administrator" option) and change the path to the bin directory. The default path is:

    C:\Program Files\Qlik\Enterprise Manager\bin.

  3. Run the following command:

    AemCtl.exe certificate clean

  1. Run mmc.exe to open the Microsoft Management Console.
  2. From the File menu, select Add/Remove Snap-in.

    The Add or Remove Snap-ins dialog box opens.

  3. In the left pane, double-click Certificates.

    The Certificates snap-in wizard opens.

  4. Select Computer account and then click Next.
  5. In the Select Computer screen, make sure that Local computer is selected and then click Finish.
  6. Click OK to close the Add or Remove Snap-ins dialog box.
  7. In the left pane, expand the Certificates folder. Then, right-click the Personal folder and select All Tasks>Import.
  8. In the File to Import screen, select your PFX certificate file. Note that by default the Open dialog box displays CER files. In order to see your PFX files, you need to select Personal Information Exchange from the drop-down list in the bottom right of the dialog box.
  9. Click Next and enter the private key password.
  10. Continue clicking Next until you reach the Completing the Certificate Import Wizard screen. Then click Finish to exit the wizard.
  11. In the Personal> Certificates folder, double-click the newly imported certificate.

    The Certificate dialog box opens.

  12. Scroll down the Details tab until you see the Thumbprint details and copy them to the clipboard.
  13. Open a command prompt and run one of the following commands:

    Syntax:

    ¢ netsh http add sslcert ipport=0.0.0.0:443 certhash=[YOUR_CERTIFICATE_THUMBPRINT_WITHOUT_SPACES] appid={4dc3e181-e14b-4a21-b022-59fc669b0914}

    Example:

    netsh http add sslcert ipport=0.0.0.0:443 certhash=5f6eccba751a75120cd0117389248ef3ca716e61 appid={4dc3e181-e14b-4a21-b022-59fc669b0914}

    Syntax:

    ¢ netsh http add sslcert ipport=[::]:443 certhash=[YOUR_CERTIFICATE_THUMBPRINT_WITHOUT_SPACES] appid={4dc3e181-e14b-4a21-b022-59fc669b0914}

    Example:

    netsh http add sslcert ipport=[::]:443 certhash=5f6eccba751a75120cd0117389248ef3ca716e61 appid={4dc3e181-e14b-4a21-b022-59fc669b0914}

  14. Close the command prompt and Microsoft Management Console.
  15. Start the Qlik Enterprise Manager service.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!