SSL Certificate Trust and Self-Signed Certificate ... - Qlik Community

fabdulazeez · ‎2024-03-26

Currently, our setup involves a single-node installation of November 2022 Qlik sense Enterprise.

The vulnerability scanning tool on the client side, such as Nessus, has issued multiple warning stating, "The SSL certificate for this service cannot be trusted." It's important to note that we restrict user access to Qlik Sense from external sources. Instead, we solely rely on the Engine API with certificate trust for data retrieval and access the Hub exclusively from the server. This warning has been raised for multiple ports, including 3389 and 4239.

The recommendation from the tool is to "Purchase or generate a proper SSL certificate for this service."

Although we understand that third-party SSL certificates can be employed for accessing the Hub, I'm uncertain whether this warning will persist unless we delete the self-signed certificate generated by Qlik. Could someone provide guidance on the best approach to resolve this issue?

Maria_Halley

@fabdulazeez

Please take a look at this blog post

https://community.qlik.com/t5/Support-Updates/Qlik-Sense-Hub-and-QMC-with-a-custom-SSL-certificate/b...

fabdulazeez

Hi Maria,

While I understand that we can use custom SSL certificate for accessing the Qlik Sense Hub and Management Console, I am trying to see if there is any way to hide the the existing self signed certificate that cannot be deleted as they're essential for protecting communication between services.

I'm contemplating requesting a restriction on access from every other port to mitigate the visibility of these certificates to the auditing tool

fabdulazeez

Hi @Maria ,

To retrieve data from Qlik, we establish a direct connection to the engine from a trusted server, utilizing certificate authentication and a built-in user. Can we use the custom SSL mentioned in the article shared for this purpose?

SSL Certificate Trust and Self-Signed Certificate Removal in Qlik Sense Environment

Client Managed