Note to self: do not update Intel Rapid Storage Technology drivers on a HP Proliant ML10v2, unless I really, really need to.
I’ve become complacent when throwing drivers at devices and this is a reminder how easy it is to break things. I recently added a TPM to one of my servers and one of the fixed drives is classified as removable by Windows, which means I can’t use the TPM with it. There’s at least two ways to fix this, either install Intel RST drivers and configure it through the console, or change some registry keys to force them to fixed drives.
This isn’t yet a mandatory change for production organisations, but it will be by 22/07/2017. Any development organisation will have it enabled by default, without any method for disabling. Other services do not have a disable date at the time of writing this post.
Updated on 22/12/2017 to add two other ways of generating a CSR (see below).
In this post I’m going to look at how quick and easy (and cheap) it is to procure and install a SSL certificate on your Qlik Sense deployment. This assumes you are starting with only the self signed certificates, and that you want to use a certificate generated by a signing authority for use on an externally facing site.
A couple of things to note:
I’m using Qlik Sense Enterprise 3.1 with a single-node deployment using the default settings
You have a choice of verification methods – I chose to use DNS by adding a CNAME (pointer) to my chosen domain, and managed this through a linux DNS host. You can also verify through email or http (placement of a file)
I’ve used a basic certificate from PositiveSSL that offers only domain validation (DV). Certificates offering greater levels of protection and assurance are also available
The server is running Windows Server 2012 R2 with IIS 8, which is up-to-date with the latest updates at time of writing (January 2017)
On a clean installation of Qlik Sense Enterprise, you’ll note that the domain fails SSL validation in most browsers. Why? Because the certificate is one that has been generated by your server, and not by a “trusted” certificate authority. Have a read of this page about Certificate Authorities if you’re after further detail.