A certificate is a data file that contains keys that are used to encrypt communication between a client and a server in a domain. Certificates also confirm that the domain is known by the organization that issued the certificate. A certificate includes information about the keys, information about the identity of the owner, and the digital signature of an organization that has verified that the content of the certificate is correct. The pair of keys (public and private keys) are used to encrypt communication.
Qlik products use certificates when they communicate with each other. They also use certificates within products, for communication between components that are installed on different computers. These are standard TLS certificates.
The organization that issues the certificate, the certificate authority, is said to “sign” the certificate. You can arrange to get certificates from a certificate authority, to show your domain is known. You can also issue and sign your own (“self-signed certificates”).
Some common errors
Because it is generally important for security to know whether a site is known, browsers will display error messages related to certificates and might block communication.
Some common errors are related to the certificate authority. For example, if there is no certificate authority or if the certificate has expired, the default level of security in most browsers will stop communication with a message about “unsigned certificates”, “expired certificates”, or similar terms. If your security administrators know that the certificate is still good, you can create an exception so the error is ignored for that certificate.
Other common errors are related to how the domain is named. For example, companyname.com is a different domain from www.companyname.com, and localhost is a different domain from a server name. A fully qualified domain name is an unambiguous name for a domain. For example, a server at companyname.com might be named mktg-SGK, and can be referred to that way, but the fully qualified domain name is mktg-SGK.companyname.com. (This is called whitelisting.)
Encryption and keys
The kind of encryption used in certificates in Qlik products requires a pair of keys (asymmetric encryption). One key, the public key, is shared. The other key, the private key, is used only by the owner.
PEM is an ASCII text format for public certificates. It is portable across platforms.
You can get certificates and key pairs from certificate authorities or you can generate them. To get a certificate signed, you will need to also generate a signing request.