Self Signed SSL Certificate Setup

Creation date: 24/03/2023 16:46    Updated: 24/03/2023 16:49

Note: These steps are intended for windows only. This will configure a self signed certificate using a self-made CA. If you just want to access Replicate/Enterprise Manager without the warning page then this is a solution.


(Step 1)

Create a folder anywhere on your machine. You need this to store all the files that you are about to create.


(Step 2) 

Install OpenSSL. This is the tool we need to create the required files.


(Step3) 

Open CMD inside the folder or navigate to the folder directory. You need to create the files in this folder.


(Step4) 

Copy these commands and execute them in order:


openssl genrsa -aes256 -out ca-key.pem 4096


The next command will require you to insert some information. 


openssl req -new -x509 -sha256 -days 3650 -key ca-key.pem -out ca.pem


openssl genrsa -out cert-key.pem 4096


For the next command, replace “yourcn” with the domain name used to access the console preceded by an asterisk.

For example this is the domain name used to access my console. 


So I would replace “yourcn” with “*win-meg”.


openssl req -new -sha256 -subj "/CN=yourcn" -key cert-key.pem -out cert.csr


For the next command, replace “your-dns.record” with your domain name as done in the command before this without the asterisk. Replace the IP “257.10.10.1” with the IP of your replicate server machine. After executing the command, go into extfile.cnf and delete the quotation marks as they will interfere with the later commands if kept.


echo "subjectAltName=DNS:your-dns.record,IP:257.10.10.1" >> extfile.cnf


openssl x509 -req -sha256 -days 3650 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial


(Step 5) 

Now you have almost everything you need to finish. Create a file called fullchain.pem 


Copy the text inside cert.pem into fullchain.pem

Then append the text of ca.pem to fullchain.pem

<- It should look like this


(step 6) 

Create another folder and move fullchain.pem and cert-key.pem into this new folder.


(Step 7)

Run the command. This will create a CERTIFICATE.pfx file in the new folder.


openssl pkcs12 -export -out CERTIFICATE.pfx -inkey cert-key.pem -in fullchain.pem


(Step 7) In powershell as admin, run this command.

Import-Certificate -FilePath "ca.pem" -CertStoreLocation Cert:\LocalMachine\Root

(Step 8) 

Follow the steps from here https://help.qlik.com/en-US/replicate/November2022/Content/Replicate/Main/Security/set_up_server_https_support.htm

For Windows setup


Clear browser cache and try it.


Sources: 

https://www.youtube.com/watch?v=VH4gXcvkmOY&t=917s&ab_channel=ChristianLempa

https://www.youtube.com/watch?v=-i7ugO8AVN4&ab_channel=SSLCorp


Files