DNS Certificate for public IP - Windows Server 2019

[Alex_zee9]

Hello everyone,

I'm struggling to set up a certificate for a public IP currently non trusted, for a windows server 2019 with Qlik, a business intelligence tool.

The server is hosted in AWS EC2 (virtual private cloud).

It has a private IP, the current certificate is linked to it.

I need to make the public IP trusted for the Qlik users.

I tried to set up a DNS, but I'm not an expert and it doesn't work.


Any suggestions?

Thanks in advance,
Alessandro

 

[x BlueRobot]

Have you requested another certificate for your public IP address and domain name? I've never used AWS but they seem to provide their own certification services through their Certificate Manager - Certificate Manager – AWS Certificate Manager – Amazon Web Services

 

[Alex_zee9]

Thanks for your reply.

Yes I know, but the problem is that I don't have a domain name connected to the public IP, Qlik users access it via the public IP address.
I tried to assign a domain name via DNS but I'm not an expert and it doesn't work, I think I have to start from this first to request a possible certificate.
In other words: until my public IP becomes a domain name I can't do anything.
I'm right? Or am I missing something?

 

[x BlueRobot]

From what I've read of Qlik, the users aren't directly accessing Qlik, Qlik sits behind a web application which you develop and then they sign into the Qlik tenant. You will then need to register the Qlik client (your web application) with the tenant.

I would not recommend just using a public IP address since this is simply going to cause a headache in terms of maintenance. In order to have a public domain name, then you'll need to register it with a domain registar and then map the IP address to the domain record on a DNS server. However, you haven't actually mentioned why it doesn't work and what the actual issue is? Is the outbound IP address accessible at all over HTTP(S)? Are you accessing Qlik through a web client?

 

[Alex_zee9]

Hi,
thanks again for your reply.

Yesterday I mapped the server's private IP address to a registered subdomain name that belongs to me, using the Windows Server DNS tool.

Users access Qlik via browser with the public IP address, always getting an untrusted certificate message but can proceed further.

The problem started because they also want the Qlik Mobile app, which doesn't accept any certificates except those trusted by a CA.

I can find one perhaps by using "CertifyTheWeb", linking it (using DNS) with the new subdomain name just created and then importing the new certificate into the server as a Root Certificate, copying the thumbprint into Qlik Proxy.

But I don't want to create errors that crash Qlik because it's my first time working with Windows Server DNS and certificates this way.

What do you think?

 

[x BlueRobot]

I would just purchase a domain and get a proper SSL certificate from a trusted CA. This will ensure that your certificate chain isn't going to be vulnerable to being broken and possibly spoofed. I wouldn't try and take shortcuts.