Self Signed SSL Certificate Setup
Note: These steps are intended for windows only. This will configure a self signed certificate using a self-made CA. If you just want to access Replicate/Enterprise Manager without the warning page then this is a solution.
(Step 1)
Create a folder anywhere on your machine. You need this to store all the files that you are about to create.
(Step 2)
Install OpenSSL. This is the tool we need to create the required files. OpenSSL can be safely installed on Windows by installing Git.
(Step3)
Open CMD inside the folder or navigate to the folder directory. You need to create the files in this folder.
(Step4)
Copy these commands and execute them in order:
a)openssl genrsa -aes256 -out ca-key.pem 4096
The next command will require you to insert some information.
Note - When asked for the FQDN/Common Name, enter it in lower case.
b)openssl req -new -x509 -sha256 -days 3650 -key ca-key.pem -out ca.pem
openssl genrsa -out cert-key.pem 4096
c)For the next command, replace “yourcn” with the domain name used to access the console.
openssl req -new -sha256 -subj "//CN=yourcn" -key cert-key.pem -out cert.csr
For example this is the domain name used to access my console.
So I would replace “yourcn” with “win-meg”.
Note - When asked for the FQDN/Common Name, enter it in lower case.For the next command, replace “your-dns.record” with your domain name as done in the command before this without the asterisk. Replace the IP “257.10.10.1” with the IP of your replicate server machine. After executing the command, go into extfile.cnf and delete the quotation marks as they will interfere with the later commands if kept.
Note - When asked for the FQDN/Common Name/Domain Name, enter it in lower case.echo "subjectAltName=DNS:your-dns.record,IP:257.10.10.1" >> extfile.cnf
openssl x509 -req -sha256 -days 3650 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial
(Step 5)
Now you have almost everything you need to finish. Create a new text file and name it fullchain.pem
a) Copy the text inside cert.pem into fullchain.pem
b) Then append the text of ca.pem to fullchain.pem
<- The result should look like this. Two certificates on top of one another.
(step 6)
Create another folder and move fullchain.pem and cert-key.pem into this new folder. I named mine "Fullchain" but you can name it as you desire.
(Step 7)
Navigate into the new folder (Fullchain) and run the command below. This will create a CERTIFICATE.pfx file in the new folder.
openssl pkcs12 -export -out CERTIFICATE.pfx -inkey cert-key.pem -in fullchain.pem
(Step 7) Open powershell as Administrator, navigate to the directory where your "ca.pem" file is located, then run the following command.
Import-Certificate -FilePath "ca.pem" -CertStoreLocation Cert:\LocalMachine\Root
(Step 8)
Open a command prompt As Administrator
a) Navigate to the Qlik Replicate bin folder. For example “Program Files\Attunity\Replicate\bin”
b) Execute the command “RepUiCtl.exe certificate clean”
(Step 9)
In this step we will import the certificate. Open the Microsoft Management Console by typing "mmc" in a command shell.
a) From the File menu, select Add/Remove Snap-in.
b) In the left pane, double-click Certificates.
c) Select Computer account and then click Next. Make sure that Local computer is selected and then click Finish.
d) Click OK to close the Add or Remove Snap-ins dialog box.
e) In the left pane, expand the Certificates folder. Then, right-click the Personal folder and select All Tasks>Import>Browse
f) Import your certificate. For your reference, below is an image of the certificate we imported from the folder created in Step 6.
Note - If your certificate is not visible, you may need to select "All files" when you are searching for your certificate.
(Step 10)
Double click your newly imported certificate, go to details, then scroll down to Thumbprint and copy the value.
(Step 11)
In a CMD window, enter the following command:
netsh http add sslcert ipport=0.0.0.0:443 certhash=YOUR_CERTIFICATE_THUMBPRINT_WITHOUT_SPACES appid={4dc3e181-e14b-4a21-b022-59fc669b0914}
Note - Replace YOUR_CERTIFICATE_THUMBPRINT_WITHOUT_SPACES with the Thumbprint acquired in Step 10. Do not change the appid value. You only need to replace the Thumbprint.
(Step 12)
You have completed the steps.
Start both Qlik Replicate services
Clear your browser cache or you may experience issues when accessing the console.
For further assistance, contact helpdesk@ibt.com.au
