Scribd
Upload
529 views

NPrinting SSL

To encrypt Qlik NPrinting connections using SSL certificates, you need to obtain signed certificates from a certificate authority. You then merge the certificate files, copy them to the correct folders, and configure the NewsStand and Web Console proxy files to reference the new certificate and key files. Restarting the Qlik NPrinting web service loads the new certificates.

Uploaded by

Manuel Gomez Fredes
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
529 views

NPrinting SSL

To encrypt Qlik NPrinting connections using SSL certificates, you need to obtain signed certificates from a certificate authority. You then merge the certificate files, copy them to the correct folders, and configure the NewsStand and Web Console proxy files to reference the new certificate and key files. Restarting the Qlik NPrinting web service loads the new certificates.

Uploaded by

Manuel Gomez Fredes
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Installing SSL certificates

You can install SSL certificates signed by a certification authority to encrypt Qlik
NPrinting connections. The proper use of signed SSL certificates will also eliminate safety
warnings during navigation.

Requirements
You can use two X509 certificate files in PEM format, one for NewsStand and one for Qlik
NPrinting Web Console, or the same for both. Certificates must be valid and created for the
domain where they are installed. To avoid security warnings in your web browser, you need a
certificate signed by a certificate authority.
You also need the certificate key, in PEM format (file extension can be KEY), for each certificate.
The certificate key must not be passphrase protected. If a passphrase is present, you need to
strip it from the certificate key file, for instance using an OpenSSL command such as the
following:
openssl rsa -in key.pem -out key.pem.unencrypted

Then use key.pem.unencrypted as a certificate key file in the following steps, instead of the
original private key.

Merge signed with server certificate


Files containing a certificate and matching private key for the server must be provided. If the
certificate is signed by a certificate authority, the certificate file should be the concatenation of the
server certificate, any intermediates, and the CA certificate.
Do the following:

1. Issue a certificate signing request (CSR) with a supplier of your choice. Detailed
instructions can be found on the website of the supplier.
1. You can use the OpenSSL tool to generate your own CSR by installing OpenSSL
Win64 with default settings (available from:
https://slproweb.com/products/Win32OpenSSL.html - note choose the full
installer, tested 1.0.2l with Server 2016).
2. To generate your own CSR use a generation tool, for example:
https://www.digicert.com/easy-csr/openssl.htm and copy the output onto your
clipboard.
3. Open a new command prompt window as administrator (Right click Start >
Command Prompt (Admin) and navigate to the OpenSSL\bin directory. This by
default is C:\OpenSSL-Win32\bin.
4. Paste your clipboard into the window and press Enter. This generates two files:
the private key (the format will be .key), and the CSR (the format will be .csr) to
be sent to the certificate authority. Some CA will not accept the CSR file. In this
case, open the CSR file in Notepad and copy and paste the entire data into the
appropriate CSR entry function in your CA (for example Namecheap)

The private key should not be disclosed to anyone, nor sent to the certificate authority.
Back it up.

2. Once you get the certificate files from your certification authority, you can create the
bundled .pem file. For example, if the certificate for your domain is STAR_demo_com.crt,
concatenate the server certificate, any intermediates, and the certification authority
certificate into the certificate file. Comodo include the following certificates, and you will
need to merge all these downloaded ‘CRT’ files into a single PEM file using the following
commands (each on a separate line):
a. more STAR_demo_com.crt >> demo.pem
b. more RSADomainValidationSecureServerCA.crt >> demo.pem
c. more RSAAddTrustCA.crt >> demo.pem
d. more AddTrustExternalCARoot.crt >> demo.pem

Please note that the filenames may be slightly different.

3. In the next steps, use the newly generated demo.pem as a certificate file and use the
OpenSSL generated private key to set up the proxy.

Install certificates
Do the following:

1. Copy certificate and key files to the appropriate folders.


o NewsStand certificate folder: [proxy installation
root]\proxy\newsstandproxy\src\qlik.com\newsstandproxy\conf

C:\Program Files\NPrintingServer\proxy\newsstandproxy\src\qlik.com\newsstandproxy\conf

o Qlik NPrinting Web Console certificate folder: [proxy installation


root]\proxy\webconsoleproxy\src\qlik.com\webconsoleproxy\conf

C:\Program Files\NPrintingServer\proxy\webconsoleproxy\src\qlik.com\webconsoleproxy\conf

2. Change both proxy configuration files to refer to the new certificate files:
o Edit the NewsStand proxy configuration file: [proxy installation
root]\proxy\newsstandproxy\src\qlik.com\newsstandproxy\conf\app.conf

You may need to copy the file to your desktop first to edit file, once changed, drag back to
installation folder and accept UAC prompts

C:\Program Files\NPrintingServer\proxy\newsstandproxy\src\qlik.com\newsstandproxy\conf\app.conf

Modify the existing values to match the following settings:


http.sslcert=.\src\qlik.com\newsstandproxy\conf\[Combined PEM file]
http.sslkey=.\src\qlik.com\newsstandproxy\conf\[private .key from OpenSSL]

o Edit the Qlik NPrinting Web Console proxy configuration file: [proxy installation
root]\proxy\webconsoleproxy\src\qlik.com\webconsoleproxy\conf\app.conf
You may need to copy the file to your desktop first to edit file, once changed, drag back to
installation folder and accept UAC prompts

C:\Program Files\NPrintingServer\proxy\webconsoleproxy\src\qlik.com\webconsoleproxy\conf\app.conf

Modify the existing values to match the following settings:


http.sslcert=.\src\qlik.com\webconsoleproxy\conf\[Combined PEM file]
http.sslkey=.\src\qlik.com\webconsoleproxy\conf\[private .key from OpenSSL]

3. Restart the Qlik NPrinting web service. New certificates are read only during the service
start-up.

You might also like