The requirements described in this section must be fulfilled for the certificate trust to function properly.
General
In Microsoft Windows environments, permission to access the certificate private key is a prerequisite for using Transport Layer Security (TLS). The access is needed both on the server-side and for certificate authentication between services.
Communication ports
To set up certificate trust, the Qlik Sense Repository Services (QRSs) require that the ports listed in the following table can be opened and used for communication. If any communication passes through a network firewall, the ports in the firewall must be opened and configured for the services.
| Port no. | Description |
|---|---|
| 4570 |
Certificate password verification port, only used within multi-node sites by Qlik Sense Repository Services (QRSs) on rim nodes to receive the password that unlocks a distributed certificate. The port can only be accessed from localhost and it is closed immediately after the certificate has been unlocked. The communication is always unencrypted. This port uses HTTP for communication. |
| 4444 |
Security distribution port, only used by Qlik Sense Repository Services (QRSs) on rim nodes to receive a certificate from the master QRS on the central node. The communication is always unencrypted, but the transferred certificate package is password-protected. This port uses HTTP for communication. |
The Qlik Sense services use the following protocols:
- The Qlik Sense Engine Service (QES) uses the Qlik Engine API over Transport Layer Security (TLS).
- All other services use REST/JSON as the protocol over TLS.
See: Ports overview