Configuring certificates in your Qlik Sense Enterprise on Kubernetes deployment

By default, Qlik Sense Enterprise on Kubernetes is installed with a self-signed certificate that will not be trusted by users browsers. To replace this with a SSL certificate that you own, complete the steps below.

Note: In this example, the certificate is in a file called tls.crt and the associated private key is in a file called tls.key.

Create the secret resource in Kubernetes

  1. Create a file called secret.yaml which will hold the certificate and its key. See the yaml definition below for an example:

    apiVersion: v1
    kind: Secret
    metadata:
      name: my-certificate
      namespace: default
    type: kubernetes.io/tls
    data:
      tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURORENDQWh3Q0NRRHUxeDdVdEdJSjJEQU5CZ2txaGtpRzl3MEJBUXNGQURCY01Rc3dDUVlEVlFRR0V3SkQKUVRFUU1BNEdBMVVFQ0F3SFQyNTBZWEpwYnpFUE1BMEdBMVVFQnd3R1QzUjBZWGRoTVJRd0VnWURWUVFLREF0TQpaWGhqYjNKd0lFbHVZekVVTUJJR0ExVUVBd3dMYkdWNFkyOXljQzVqYjIwd0hoY05NVGd3TmpJM01Ua3hOelV3CldoY05NVGt3TmpJM01Ua3hOelV3V2pCY01Rc3dDUVlEVlFRR0V3SkRRVEVRTUE0R0ExVUVDQXdIVDI1MFlYSnAKYnpFUE1BMEdBMVVFQnd3R1QzUjBZWGRoTVJRd0VnWURWUVFLREF0TVpYaGpiM0p3SUVsdVl6RVVNQklHQTFVRQpBd3dMYkdWNFkyOXljQzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUQyCndTZk03TDJiTHBnR1VsRERIci8rSUc3YlFONndnTzVMYWdqcnJramFHRjRGcVc0NS9Ha3hHTVhlZzZSTUpuYnkKTTI1RVloY2ZSVllzTmtaQVpCakYzM2ZwNlBqYjhydzhZV016RnJMOUtkeG8rZEtYSE14MTkvaExTaS82QTJOMgpBNzJta1krT2JmMHl0R1B5aEZVY0lEZEFxbWtGTitoTXlGZjQwS0l5VS94NjZMVHhsYjZLQm1uZm9LK3VlNStZCmVxcGVLRkhBZkZwK1NFSG5UMkNJZXdmQXR0Z29NL3dyREZVcENPS0sxZEJMUytzbzBZOUFCWG9wRm05U1RGV00KNVdZMno1NWdoa1l6UUpmemlRMC9WZkppamdMWmhwcjRCRVAwaXV0dlRIczhrSFIyUTJqSkxVNEpncFViTnlXOQpUejFLQzhMVGpiL1J4RVJCK01FWkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUlJSitsc2tlcUwzClpPVmxwNm1ZakRmRGt5Z1dkQVlCU0pINDdidHJkQUZrSlpQVVVMTzl6cTAxd0VBUHArRzFqZGUzSG42QmtyM0cKcklsRFZEckFobGRLR0hONS9BMXdoMjBxVlNKZzBkV25ielJnSVlkK0ljdjhIa1RORGlUSDRxWHRjUHR2VHQ0NgphTmJUOHc2THl0Sm9YRWNZVEQzcjVXdERKWHFodkdHUjVLNU1Ubmo3QmZxcXNsS2M4ZUZVbFdxOUpJZEZGZGRNClNzbHlhdE1zbk9YMGxtdDc4VnZYRFJ1RU5RM3BYUU1wNkhyQ3ZHRnY0NlhLRE5scVNyZm9vSURvbHBaUW5CdHAKWmdGZHc4U3VtMW91NVo1V0QxeW9XYkdLdFlLaTFiZkdNRHlsNURqZHdIakk0dG5GZk5LQ2E5TGZMdG5hS2V2RwprcS8wOTBtcjJxcz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
      tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBOXNFbnpPeTlteTZZQmxKUXd4Ni8vaUJ1MjBEZXNJRHVTMm9JNjY1STJoaGVCYWx1Ck9meHBNUmpGM29Pa1RDWjI4ak51UkdJWEgwVldMRFpHUUdRWXhkOTM2ZWo0Mi9LOFBHRmpNeGF5L1NuY2FQblMKbHh6TWRmZjRTMG92K2dOamRnTzlwcEdQam0zOU1yUmo4b1JWSENBM1FLcHBCVGZvVE1oWCtOQ2lNbFA4ZXVpMAo4WlcraWdacDM2Q3ZybnVmbUhxcVhpaFJ3SHhhZmtoQjUwOWdpSHNId0xiWUtEUDhLd3hWS1FqaWl0WFFTMHZyCktOR1BRQVY2S1JadlVreFZqT1ZtTnMrZVlJWkdNMENYODRrTlAxWHlZbzRDMllhYStBUkQ5SXJyYjB4N1BKQjAKZGtOb3lTMU9DWUtWR3pjbHZVODlTZ3ZDMDQyLzBjUkVRZmpCR1FJREFRQUJBb0lCQVFEaW9FNU1vTllYazNpZQp2YlZkTDMzSUNjT203WEpaaTJEUXRLZFN4alEwMHBKd0FzZXd6QWxVeFZyZDNldms0S0w0R1pKWmpmbU1oK0w0CklqVHRhTUZ6NHFWQW1POFBHMllVMHFFSVIvM0dGRTlSdnJqU2Z1bXVJenZROG1jVDZVN05FZXg1OGxCMTBNRHUKYzgwajdMUTZhOEF6VFErOWNqYVJacU9kYXdpOHpLWnVpdkhRazFXelU0eTZyYUhRSEliVnZOWHAxMEx0K1RKYQpsRk83RlVwOG05bGh5UllqSy9Vczd6Y0JOaWVRSWRTVGV6QkUvNzlwY0d4Vmd0Yk4xYTkyS2FjR0YzQWpzODF4CnNSQkc2Z2dMbTJ4U25Qdng2Y1ZvRkw4VVNERUtOcDJBKzNnZlh0ZWg4RWNQSDNVcEZNT29YK0swRkh5bUxnY08KZ1g2R0U4OGRBb0dCQVA1MDZaRlcrTTRpbG1ibk42VEFoeVpjbXY3RW1oVDJDb3NaeGUwbUYwcGE4YVUzWmhoOAorUk5nYk4rTjAwbWU3cmtmd2F6L2pMZUpxYUhibTdFSXdENWVQakRsR2lRMmh3L0ZPdzhCWkc5OFYzZVJBblQzCmE3UWxCVmRJcGRUaDVHYjlPbDhFbmN0Ti9ncXdaRi9Xa2wwSmF5VXpHdzg0elFsMm4vRWg1MitqQW9HQkFQaEEKU0wzL3NCK3U2aDkzSUdBOFR4UURPQjJXMnFpY1g4aXkrd3p2U056Z1BCRTlTZTFSQytCMHNPZnV5NStGYUw1OApuazVPSnVjeWVuNXlkYTB1dndaV0ZFUWtkVGxtclRIV3F1d1ZCWWpad1RzVHBuTFp6TWg1ZWE2TTEzV3ZRamdOClRGK1pENUd1QUZuaEpkaHlFbGg5NllpVXFvZkhCbVByYlVsMzNpZ1RBb0dCQU9scXFjOXZMckU1UFNxTU01am8KRzVIdkpTZExoZVJ3aHQ5dTl3ZENCOTluYVgrYlFBWjZyYWsrck9DdG93Skh6c2oyL3AwSmx6WE9ERk96dGpCQgp6TWZwZjdjdWtqcGg0cWR1ejJ4R1pMRjRLR3hBRXpia3VHSDZDOW96aEJ1eVUraTlwa3YvV2hoakpRVDlKalpjCkNNdGJsblA3VzNrdEs3amdubnQrRkdWdEFvR0JBTHk5RXhEdzdsU0lSWk82bkRET2FVakwwY1FkUnd6ZUpxeU4KOXZTMGorN3R4SDFPM1gvQ0dJZUQ4R1BGVjZabVpXWTlsSlh3TVAraGp5UEhuZFFYTUVCKy9WVjVhbTVEcy9XcQpRYlRQbnErVzdxUWRvblM3UmtnOG90aWtWOE12aGViYnBXOGhEWWN5aFMzUVVWZW9FbTZZL0E1TkNRSEZ2UVFHCm44WTFqZjlsQW9HQUM2UFFYZ3dwOTdudzMrWnZBeDJSUktqOHA2VUtraXVpRUlTQnM2ekR4c2hxdHJqR2VpaUQKRDNUNnBHVmhlYU94Y05reFRIVTlCcVo4blNxd080cThjS2xLdXB0SkZFcFNtOVMrMWMveFdvNTdyWlVuNWlLbApDQzFWTkR6anYrRWNjU1FjOGJPZUxTRjd4cjRyYTdnK3pRR0lSdXlvK005TDVBbjJxaEphM1ZRPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
  2. You can give the name field a meaningful name. In this example we've use my-certificate.

    The tls.crt field is the base64 encoded value of your certificate. You can get this value using the following command:

    cat tls.crt | base64
  3. The base64 decoded value will be displayed on the screen. Enter it for the tls.crt value in your .yaml file.
  4. Do the same for the tls.key:
    cat tls.key | base64
  5. Enter the resulting base64 value in your .yaml file.
  6. Now create the secret resource in Kubernetes using the following command:
    kubectl apply -f secret.yaml
  7. You can verify the secret has been created using the following command:
    kubectl get secret my-certificate

Configure the Ingress to use the Certificate

  1. Configure the Qlik Sense ingress to use the secret created in the previous procedure by adding the following to your values.yaml file:
    # References the “my-certificate” secret created within the “default” namespace
    elastic-infra:
     nginx-ingress:
       controller:
         extraArgs:
           default-ssl-certificate: "default/my-certificate"
  2. Update your cluster using the following command:
    helm upgrade --install qliksense qlik/qliksense -f values.yaml

Verifying the certificate with your browser

  • Using your browser, go to the domain you configured to verify the certificate presented by Qlik Sense’s ingress controller.

Did this information help you?

Thanks for letting us know. Is there anything you'd like to tell us about this topic?

Can you tell us why it did not help you and how we can improve it?