Note: These steps are intended for windows only. This will configure a self signed certificate using a self-made CA. If you just want to access Replicate/Enterprise Manager without the warning page then this is a solution.
(Step 1)
Create a folder anywhere on your machine. You need this to store all the files that you are about to create.
(Step 2)
Install OpenSSL. This is the tool we need to create the required files.
(Step3)
Open CMD inside the folder or navigate to the folder directory. You need to create the files in this folder.
(Step4)
Copy these commands and execute them in order:
openssl genrsa -aes256 -out ca-key.pem 4096
The next command will require you to insert some information.
openssl req -new -x509 -sha256 -days 3650 -key ca-key.pem -out ca.pem
openssl genrsa -out cert-key.pem 4096
For the next command, replace “yourcn” with the domain name used to access the console preceded by an asterisk.
For example this is the domain name used to access my console.
So I would replace “yourcn” with “*win-meg”.
openssl req -new -sha256 -subj "/CN=yourcn" -key cert-key.pem -out cert.csr
For the next command, replace “your-dns.record” with your domain name as done in the command before this without the asterisk. Replace the IP “257.10.10.1” with the IP of your replicate server machine. After executing the command, go into extfile.cnf and delete the quotation marks as they will interfere with the later commands if kept.
echo "subjectAltName=DNS:your-dns.record,IP:257.10.10.1" >> extfile.cnf
openssl x509 -req -sha256 -days 3650 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial
(Step 5)
Now you have almost everything you need to finish. Create a file called fullchain.pem
Copy the text inside cert.pem into fullchain.pem
Then append the text of ca.pem to fullchain.pem
<- It should look like this
(step 6)
Create another folder and move fullchain.pem and cert-key.pem into this new folder.
(Step 7)
Run the command. This will create a CERTIFICATE.pfx file in the new folder.
openssl pkcs12 -export -out CERTIFICATE.pfx -inkey cert-key.pem -in fullchain.pem
(Step 7) In powershell as admin, run this command.
Import-Certificate -FilePath "ca.pem" -CertStoreLocation Cert:\LocalMachine\Root
(Step 8)
Follow the steps from here https://help.qlik.com/en-US/replicate/November2022/Content/Replicate/Main/Security/set_up_server_https_support.htm
For Windows setup
Clear browser cache and try it.
Sources:
https://www.youtube.com/watch?v=VH4gXcvkmOY&t=917s&ab_channel=ChristianLempa
https://www.youtube.com/watch?v=-i7ugO8AVN4&ab_channel=SSLCorp
Files | ||
---|---|---|
DataImage87.png
113 KB
|
||
DataImage25.png
15 KB
|