Configuring certificates in your Qlik Sense Enterprise for elastic deployment

By default, Qlik Sense Enterprise for elastic deployments is installed with a self-signed certificate that will not be trusted by users browsers. To replace this with a SSL certificate that you own, complete the steps below.

備註: In this example, the certificate is in a file called tls.crt and the associated private key is in a file called tls.key.

Create the secret resource in Kubernetes

  1. Create a file called secret.yaml which will hold the certificate and its key. See the yaml definition below for an example:

    apiVersion: v1 kind: Secret metadata: name: my-certificate namespace: default type: kubernetes.io/tls data: tls.crt: xxxxxxxxxxxxxxxxxxxx tls.key: xxxxxxxxxxxxxxxxxxxxxx
  2. You can give the name field a meaningful name. In this example we've use my-certificate.

    The tls.crt field is the base64 encoded value of your certificate. You can get this value using the following command:

    $ cat tls.crt | base64
  3. The base64 decoded value will be displayed on the screen. Enter it for the tls.crt value in your .yaml file.
  4. Do the same for the tls.key:
    $ cat tls.key | base64
  5. Enter the resulting base64 value in your .yaml file.
  6. Now create the secret resource in Kubernetes using the following command:
    $ kubectl apply -f secret.yaml
  7. You can verify the secret has been created using the following command:
    $ kubectl get secret my-certificate

Configure the Ingress to use the Certificate

  1. Configure the Qlik Sense ingress to use the secret created in the previous procedure by adding the following to your values.yaml file:
    nginx-ingress: controller: extraArgs: # References the "my-certificate" secret created within the "default" namespace default-ssl-certificate: "default/my-certificate"
  2. Update your cluster using the following command:
    $ helm upgrade --install qsefe qlik/qsefe -f values.yaml

Verifying the Certificate with your Browser

  1. Using your browser, go to the domain you configured to verify the certificate presented by Qlik Sense’s ingress controller.