Skip to main content Skip to complementary content
Qlik Resources
Announcements
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal

Upgrading the certificate signing algorithm

Qlik Sense installations generate SHA-256 certificates by default. However, administrators have the option to upgrade the certificate to SHA-384. The upgrade is controlled by the following parameters in the repository configuration file:

  • CertificateUpgrade.Enabled (default value: False)

  • Certificate.SignatureAlgorithm (default value: SHA384WITHRSA).

Upgrading a certificate algorithm to SHA-384

Information noteBefore you start the upgrade, create a backup of the certificates. For more information, see Backing up certificates.

Do the following:

  1. Log in to Qlik Sense using the service account credentials.

  2. Go to C:\Program Files\Qlik\Sense\Repository\ and open the file Repository.exe.config.

  3. Set the value of CertificateUpgrade.Enabled to true.

  4. Stop the following Qlik Sense services:

    • Qlik Sense Repository Service

    • Qlik Sense Printing Service

    • Qlik Sense Scheduler Service

    • Qlik Sense Engine Service

    • Qlik Sense Proxy Service

  5. On the central node, run the Qlik Sense Repository Service in bootstrap mode.
    For more information about the Qlik Sense services, see Services.

    1. Open a command prompt as an administrator and navigate to C:\Program Files\Qlik\Sense\Repository.

    2. Run the following command: Repository.exe -bootstrap -iscentral

    3. After successful completion, the following message is displayed: "Entering main startup phase"

    4. Restart the Qlik Sense Service Dispatcher.

    5. Wait for the massage "Bootstrap mode has terminated. Press ENTER to exit".

  6. Start the Qlik Sense services.

    If the services are started manually, start them in the following order:

    • Qlik Sense Repository Service

    • Qlik Sense Printing Service

    • Qlik Sense Scheduler Service

    • Qlik Sense Engine Service

    • Qlik Sense Proxy Service

Information noteIf Qlik NPrinting is connected to the Qlik Sense server, you need to export the certificates to the NPrinting deployment and restart the NPrinting services.

Installations with rim nodes

If your installation includes rim nodes, you need to redistribute the certificates to all nodes.

Do the following:

  1. Delete the certificates following the steps described in Qlik Community: How to recreate or just delete certificates in Qlik Sense - No access to QMC or Hub.

  2. Redistribute the certificates to each node following the steps in Redistributing a certificate.

  3. To verify the distributed certificates, open the Microsoft Management Console (MMC). Refresh the pages with personal certificates and trusted root certificates to view the correct certificate information.

Qlik Sense multi-cloud deployments

For Qlik Sense multi-cloud deployments, do the following:

  1. Navigate to Cloud distribution > Deployment setup.

  2. Delete and re-add any existing deployments, following the steps described in Distributing apps to Qlik Cloud.

For more information, see in Qlik Community: How to recreate or just delete certificates in Qlik Sense - No access to QMC or Hub.

Downgrading a certificate algorithm to SHA-256

Information noteBefore you start the upgrade, create a backup of the certificates. For more information, see Backing up certificates.

Do the following:

  1. Log in to Qlik Sense using the service account credentials.

  2. Go to C:\Program Files\Qlik\Sense\Repository\ and open the file Repository.exe.config.

  3. Set the value of CertificateUpgrade.Enabled to true.

  4. Set the value of Certificate.SignatureAlgorithm to SHA256WITHRSA.

  5. Stop the following Qlik Sense services:

    • Qlik Sense Repository Service

    • Qlik Sense Printing Service

    • Qlik Sense Scheduler Service

    • Qlik Sense Engine Service

    • Qlik Sense Proxy Service

  6. On the central node, run the Qlik Sense Repository Service in bootstrap mode.
    For more information about the Qlik Sense services, see Services.

    1. Open a command prompt as an administrator and navigate to C:\Program Files\Qlik\Sense\Repository.

    2. Run the following command: Repository.exe -bootstrap -iscentral

    3. After successful completion, the following message is displayed: "Entering main startup phase"

    4. Restart the Qlik Sense Service Dispatcher.

    5. Wait for the massage "Bootstrap mode has terminated. Press ENTER to exit".

  7. Start the Qlik Sense Repository Service followed by the other Qlik Sense services.

Information noteIf Qlik NPrinting is connected to the Qlik Sense server, you need to export the certificates to the NPrinting deployment and restart the NPrinting services.

Installations with rim nodes

If your installation includes rim nodes, you need to redistribute the certificates to all nodes.

Do the following:

  1. Delete the certificates following the steps described in Qlik Community: How to recreate or just delete certificates in Qlik Sense - No access to QMC or Hub.

  2. Redistribute the certificates to each node following the steps in Redistributing a certificate.

  3. To verify the distributed certificates, open the Microsoft Management Console (MMC). Refresh the pages with personal certificates and trusted root certificates to view the correct certificate information.

Qlik Sense multi-cloud deployments

For Qlik Sense multi-cloud deployments, do the following:

  1. Navigate to Cloud distribution > Deployment setup.

  2. Delete and re-add any existing deployments, following the steps described in Distributing apps to Qlik Cloud.

For more information, see in Qlik Community: How to recreate or just delete certificates in Qlik Sense - No access to QMC or Hub.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here