Registering SSL Certificate

RDL · August 11, 2023, 8:29am

Hi community,

I’m writing you because I want to use https instead of http protocol when my users connect to QSDA. The idea is to use a ssl certificate signed by my internal CA. QSDA Security isn’t enabled.

I followed the instructions mentioned in the link below with no luck (QSDA Help), I mean when I enabled SSL protocol the certificate opened or assigned isn’t the one I chose using the netsh command.

Do you have any idea about what I’m wrongly doing?

THanks in advance

rob · August 11, 2023, 6:20pm

The netsh should only be used when the QSDA Auth is enabled. (the help says it will do not harm – incorrect for many customers – I will update the help).

Try removing the registration with netsh delete.

-Rob

RDL · August 14, 2023, 5:39am

Hi @rob

Ok, understood however, if I want to use https and use a specific ssl certificate, how can I do it?

Regards

rob · August 14, 2023, 3:26pm

Currently if you have not enabled QSDA Auth, the certificate selection is made by matching the host name used in the URL with the first certificate found with the same exact or wildcard name used as either subject or alternate name. There is no way to bind to a specific certificate, like by using a thumbprint. Do you have such a requirement?

-Rob

RDL · August 16, 2023, 6:25am

Hi @rob

QSDA Auth is something that I want to implement too so let see if using HTTPS and QSDA Auth is enough for me.

Once I test it I’ll come with my feedback.

Thanks

RDL · August 17, 2023, 5:42am

Hi @rob

After implementing HTTPS and QSDA Auth I saw that everytime we open the QSDA url using https an error response appears 2 seconds and then QSDA is opened. If without closing the browser I open again QSDA I don’t see any error however, if I close the browser and open again QSDA the same error appear. This behavior is happening when I use MS Edge, I don’t have noticed it with Firefox. Here you have an example with MS Edge (sorry is in Spanish).

@rob , do you have noticed the behavior I described before?

PS:I don’t want to implement https if my users are going to see any error.

Thanks and regards

rob · August 17, 2023, 2:43pm

I have not seen this issue before. Take a look in the Admin > Error Log to see if there are any relevant error message that might help.

-Rob

RDL · August 18, 2023, 6:10am

Hi @rob

I don’t have seen any error on this log. I think it’s something that happens between MS Edge and QSDA webpage. Have you tested it with MS Edge? Like I said, with Firefox it doesn’t happen. And it started to happen when I enabled https.

Regards

rob · August 18, 2023, 5:39pm

I do not see the issue in Edge or Chrome. Can you check your devtools (F12) console in Edge to see if there are any error messages there?

-Rob

RDL · August 21, 2023, 7:20am

Hi @rob,

I guess that something configured in MS Edge is avoiding in a first step to open QSDA. Like I said, with Firefox I don’t see that issue.

On the other hand I noticed that enabling QSDA Auth the performance is worse than without it. So finally I have disabled https and QSDA Auth till I find where is the issue. Are you aware about a performance deterioration when QSDA Auth is enabled?

Regards

rob · August 21, 2023, 2:47pm

QSDA Auth enables a different web server which is not as performant. I had not seen a noticeable difference.

-Rob