Self Signed SSL Certificate Setup

Note: These steps are intended for windows only. This will configure a self signed certificate using a self-made CA. If you just want to access Replicate/Enterprise Manager without the warning page then this is a solution.

(Step 1)

Create a folder anywhere on your machine. You need this to store all the files that you are about to create.

(Step 2) 

Install OpenSSL. This is the tool we need to create the required files.

(Step3) 

Open CMD inside the folder or navigate to the folder directory. You need to create the files in this folder.

(Step4) 

Copy these commands and execute them in order:

openssl genrsa -aes256 -out ca-key.pem 4096

The next command will require you to insert some information. 

openssl req -new -x509 -sha256 -days 3650 -key ca-key.pem -out ca.pem

openssl genrsa -out cert-key.pem 4096

For the next command, replace “yourcn” with the domain name used to access the console preceded by an asterisk.

For example this is the domain name used to access my console. 

So I would replace “yourcn” with “*win-meg”.

openssl req -new -sha256 -subj "/CN=yourcn" -key cert-key.pem -out cert.csr

For the next command, replace “your-dns.record” with your domain name as done in the command before this without the asterisk. Replace the IP “257.10.10.1” with the IP of your replicate server machine. After executing the command, go into extfile.cnf and delete the quotation marks as they will interfere with the later commands if kept.

echo "subjectAltName=DNS:your-dns.record,IP:257.10.10.1" >> extfile.cnf

openssl x509 -req -sha256 -days 3650 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial

(Step 5) 

Now you have almost everything you need to finish. Create a file called fullchain.pem 

Copy the text inside cert.pem into fullchain.pem

Then append the text of ca.pem to fullchain.pem

<- It should look like this

(step 6) 

Create another folder and move fullchain.pem and cert-key.pem into this new folder.

(Step 7)

Run the command. This will create a CERTIFICATE.pfx file in the new folder.

openssl pkcs12 -export -out CERTIFICATE.pfx -inkey cert-key.pem -in fullchain.pem

(Step 7) In powershell as admin, run this command.

Import-Certificate -FilePath "ca.pem" -CertStoreLocation Cert:\LocalMachine\Root

(Step 8) 

Follow the steps from here https://help.qlik.com/en-US/replicate/November2022/Content/Replicate/Main/Security/set_up_server_https_support.htm

For Windows setup

Clear browser cache and try it.

Sources: 

https://www.youtube.com/watch?v=VH4gXcvkmOY&t=917s&ab_channel=ChristianLempa

https://www.youtube.com/watch?v=-i7ugO8AVN4&ab_channel=SSLCorp