Skip to main content Skip to complementary content
Qlik Resources

Certificates

A certificate is a data file that contains keys that are used to encrypt communication between a client and a server in a domain. Certificates also confirm that the domain is known by the organization that issued the certificate. A certificate includes information about the keys, information about the identity of the owner, and the digital signature of an organization that has verified that the content of the certificate is correct. The pair of keys (public and private keys) are used to encrypt communication.

Qlik products use standard TLS certificates when they communicate with each other.

  • The Qlik Sense Proxy Service uses front-end certificates to establish HTTPS connections to the Qlik Sense Hub and Management Console. For more information, see Certificates used by the Qlik Sense Proxy Service.

  • Qlik products use internal certificates for secure communication between components installed on separate computers. For more information, see Certificate trust.

The organization that issues the certificate, the certificate authority (CA), is said to "sign" the certificate. You can arrange to get certificates from a certificate authority, to show your domain is known. You can also issue and sign your own certificates (self-signed certificates).

Certificate revocation check

A revocation check is a process used to determine whether a digital certificate that has been previously issued and is in use should continue to be trusted. The status of a certificate can be verified by checking against a Certificate Revocation List (CRL) or an Online Certificate Status Protocol (OCSP) responder.

Front-end certificates

For a self-signed or custom root certificate authority, Qlik Sense installations use CRL and OSCP extensions. These extensions rely on public infrastructure, specifically CRL and OSCP endpoints, which must be embedded in the certificates. Qlik Sense does not provide this infrastructure, but you are free to embed the extensions in certificates and maintain the associated CRL/OSCP infrastructure.

For CA certificates issued by trusted certificate authorities (for example, DigiCert), the extensions are based on infrastructure managed by the respective certificate authority. Modern browsers support Certificate Transparency (CT)—a security measure for SSL/TLS certificates used in web encryption. It involves public logging of all issued certificates, making it possible to detect and prevent unauthorized or fraudulent certificates. For more information, see What is Certificate Transparency?.

Internal certificates

Qlik internal certificates (trust) do not use CRL or OSCP for certificate chain validation.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here