Skip to main content Skip to complementary content

Setting Up Qlik Replicate console HTTPS support

Industry-standard security practices dictate that web user interface for enterprise products must use secure HTTP (HTTPS). Qlik Replicate enforces the use of HTTPS and will not work if HTTPS is configured incorrectly.

As Qlik Replicate uses the built-in HTTPS support in Windows, it relies on the proper setup of the Windows machine it runs on to offer HTTPS access. In most organizations, the IT security group is responsible for generating and installing the SSL server certificates required to offer HTTPS. It is strongly recommended that the machine on which Replicate is installed already has a valid SSL server certificate installed and bound to the default HTTPS port (443).

Checking if an SSL certificate is installed

To check whether an SSL certificate is installed, you can use the following command:

netsh http show sslcert | findstr /c:":443 "

If an SSL certificate is installed, the output should look like this:

netsh http show sslcert | findstr /c:":443 "

IP:port : 192.168.1.13:443

IP:port : 192.168.1.11:443

IP:port : [fe80::285d:599c:4a55:1092%11]:443

IP:port : [fe80::3d0e:fb1c:f6c3:bc52%23]:443

 

With a valid SSL certificate installed, the Qlik Replicate web user interface will automatically be available for secure access from a web browser using the following URL:

https://<machine-name>/attunityreplicate

Using the self-signed certificate

Due to the way the HTTPS protocol works, there is no way for Qlik Replicate to automatically provide and install a valid SSL server certificate. Still, in the event that no SSL server certificate is installed, Qlik Replicate automatically generates and installs a self-signed SSL server certificate (as a temporary measure). This certificate is generated on the Replicate machine and cannot be exported or used elsewhere.

It should be noted that browsers do not consider the certificate to be valid because it was not signed by a trusted certificate authority (CA).

When connecting with a browser to a server that uses a self-signed certificate, a warning page is shown informing you that the connection is not secure or similar (depending on the browser).

The warning page informs you that the certificate was signed by an unknown certificate authority. All browsers display a similar page when presented with a self-signed certificate. If you know that the self-signed certificate is from a trusted organization, then you can instruct the browser to trust the certificate and allow the connection. Instructions on how to trust the certificate vary between browsers and even between different versions of the same browser. If necessary, refer to the help for your specific browser.

Information note

Some corporate security policies prohibit the use of self-signed certificates. In such cases, it is incumbent upon the IT Security department to provide and install the appropriate SSL server certificate (as is the practice with other Windows products such as IIS and SharePoint). If a self-signed certificate was installed and needs to be removed, then the following command can be used:

$ netsh http delete sslcert ipport=192.168.1.13:443

where ipport should be replaced with the ip:port combination generated by the netsh command shown in Checking if an SSL certificate is installed.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!