Welcome Guest, you are in: Login

QVSource: The QlikView & Qlik Sense API Connector (Docs)

Web Edition Doc Quick Links
QVSource Web Edition is now commercially available should be used - if you are still using the WinForms edition please upgrade now as this is deprecated and will no longer be supported after the 22nd May 2016.

You should find most of the documentation on this wiki for the WinForms edition of QVSource still applies, particularly the connector specific pages (ignoring the minor UI differences).

The following are the most important Web Edition specific pages:

  • Web Edition Overview - A short introduction to the new QVSource Web Edition including the benefits and high level differences.
  • Getting Started - A guide on running the QVSource Web Edition in its simplest mode (e.g. servicing requests from localhost only with no user authentication).
  • Example Deployment Scenarios - Some example diagrams showing how QVSource Web Edition might be deployed with QlikView and Qlik Sense.
  • Advanced Configuration - How to perform advanced configuration of QVSource, for example allowing remote access and setting up users.
  • User Management - How to manage users.
  • Upgrading from WinForms Edition - How to upgrade.
  • SSL Configuration - How to set up a test SSL certificate so that traffic between your browser (or QlikView/Qlik Sense) is encrypted.
  • Troubleshooting - Read this page first if you are having trouble running QVSource.
  • Cloud Hosted Demo - Information on a cloud host demo edition we are currently testing out.

If you are allowing remote access to QVSource it is recommended that you also set it up so that the traffic to and from QVSource is encrypted using SSL.

To do this you first need to set the RequireSSL element in deploy.config to 'true'. Let's suppose we have done this and configured QVSource to run on port 5556.

Initially, when we try to browse to https://your_server_name:5556/web with QVSource running we have no access because there is no SSL certificate bound to this endpoint:


The following instructions give a guide on how SSL can be setup.

Please note however that as this is not a QVSource specific feature, i.e. there is no additional code, other than to start the service at a https address rather than http, in QVSource to enable this. Because this is a Windows level feature, we do not currently officially support this and we would recommend you consult your network/server admin in order to get this setup in a manner which is robust enough for your specific network and infrastructure. What follows is a guide for demo/test purposes.

Note that these steps are taken largely from the excellent post here.

Step 1: Obtain Makecert.exe

You will need the Makecert utility which is available either as part of Visual Studio or as part of the Windows SDK.

From the page here:

The Certificate Creation tool generates X.509 certificates for testing purposes only. It creates a public and private key pair for digital signatures and stores it in a certificate file. This tool also associates the key pair with a specified publisher's name and creates an X.509 certificate that binds a user-specified name to the public part of the key pair.


'This tool is automatically installed with Visual Studio and with the Windows SDK. To run the tool, we recommend that you use the Visual Studio Command Prompt or the Windows SDK Command Prompt (CMD Shell). These utilities enable you to run the tool easily, without navigating to the installation folder.'

In our example we are running from the Visual Studio Command Prompt where we can simply type 'makecert' and verify that it is available:


We now navigate to the root c: drive and type:
mkdir qvsourcessl
cd qvsourcessl

To create and then navigate to a new directory c:\qvsourcessl:


Step 2: Create Your Own CA (Certificate Authority)

We now create a new text file and copy the following two lines in:
makecert.exe -n "CN=QVSourceCARoot" -r -pe -a sha512 -len 4096 -cy authority -sv QVSourceCARoot.pvk QVSourceCARoot.cer
pvk2pfx.exe -pvk QVSourceCARoot.pvk -spc QVSourceCARoot.cer -pfx QVSourceCARoot.pfx -po mypassword

Note the password in here. You may wish to change this and ensure that the two .cmd files created in this guide are deleted at the end. However, as noted above, this guide is really only for demo/test purposes.

Save this as 'CreateCARoot.cmd' in c:\qvsourcessl.

Now in the command prompt type: createcaroot

You should see something like the following:


And then in the background a password prompt (this might take a few moments to appear):


In this example we will opt not to enter anything here and just accept the following:


Our c:\qvsourcessl directory should now look something like this:


Double clicking on 'QVSourceCARoot.cer' should show the following, note that this certificate authority is untrusted:


Step 3: Trusting The QVSourceCARoot CA

NOTE: We will usually (depending on the browser) need to distribute the file 'QVSourceCARoot.cer' to other machines which need to access QVSource and repeat the same steps below so that they also trust this certificate authority. A network admin might be able to roll this out automatically across a windows domain using a group policy or similar.

To trust it, type MMC into the Windows search box and hit enter. In the empty window which appears, choose the Add/Remove Snap-in option:


Then select the 'Certificates' Snap-in:


And choose 'Computer account':


Finish the Wizard and then right click on the Certificates nodes under 'Trusted Root Certification Authorities', selecting the 'Import...' option as shown:


Browse to the file c:\qvsourcessl\QVSourceCARoot.cer generated above:


And complete the wizard. You should now see that QVSourceCARoot is listed:


And double clicking this shows that it is no longer untrusted:


Step 4: Create SSL Certificate

Create a new text file in c:\qvsourcessl and paste in the following:
makecert.exe -n "CN=%1" -iv QVSourceCARoot.pvk -ic QVSourceCARoot.cer -pe -a sha512 -len 4096 -b 01/01/2014 -e 01/01/2040 -sky exchange -eku -sv %1.pvk %1.cer
pvk2pfx.exe -pvk %1.pvk -spc %1.cer -pfx %1.pfx -po mypassword

Note again the password in here. You may wish to change this and ensure that the two .cmd files created in this guide are deleted at the end. However, as noted above, this guide is really only for demo/test purposes.

And save the file as 'CreateSSLCert.cmd'.

You should now go back to your command prompt and type:
createsslcert your_server_name

It is important that here you replace your_server_name with the machine name of (or name you will be using to access) the server which will be running QVSource. This is because the name is embedded in the SSL certificate and if it does not match the name you will be using to browse to QVSource, e.g.:

Then you will receive SSL certificate errors.

The following shows what happens when we run the above command:


Again we are prompted for a username and password:


And we simply click Yes to proceed without entering a password:


You should now have the SSL certificate files in c:\qvsourcessl:


Now right click on the Certificates node under 'Personal' and choose 'Import...':


And browse to the your_server_name.pfx file created above:

On the next step, enter 'mypassword' (assuming you didn't change it in the two lines copied to the CreateSSLCert.cmd file):


Complete the import wizard and you should find the certificate is now installed:


It is trusted automatically because your QVSourceCARoot that signed it is trusted and has a private key corresponding to this certificate.

Now, on the Details tab take a copy of the thumbprint value which we will need below:


Note that when you paste it (in the step below), it will likely contain gaps in:
‎71 20 1e 38 c2 3c e9 78 65 da 89 db 39 59 44 db 24 52 19 7f

Make sure that you remove these spaces before using it below, i.e.:

Step 3: Bind SSL Certificate

In your command prompt you can now run:
netsh http show sslcert ipport=

To confirm that there is not already an SSL binding. The result should look like this:


If there is, you should be able to remove it by running:
netsh http delete sslcert ipport=

To bind the SSL certificate you can then enter the following into the command prompt, remembering to replace the certhash with your thumbprint value from above:
netsh http add sslcert ipport= certhash=‎71201e38c23ce97865da89db395944db2452197f appid={004FC337-C805-4623-8E5B-B2FCE18F0719}

If you wish you can generate your own appid Guid.

PLEASE NOTE that if you copy and then paste the command into the command prompt it will likely add an incorrect ? as highlighted below:


You should delete this before pressing enter. If the command runs successfully you should see the following:


You can then run:
netsh http show sslcert ipport=

Again and verify the binding:


Step 4: Test On Local Machine

You should now find if you browse to:

With QVSource running the page now loads correctly:


And shows a padlock icon indicating a proper SSL connection. This means that the traffic between the browser and QVSource is now encrypted.

Step 5: Install CA (Certificate Authority) On Other Machines

If however you try to browse to:

From another machine you will see an SSL certificate error or warning (the nature of which will depend on the browser). This is because the browser has no knowledge of or trust relationship with the QVSourceCARoot certificate authority we created at the start.

For Internet Explorer and Chrome you should repeat 'Step 3: Trusting The QVSourceCARoot CA' for each machine you are accessing QVSource from. As mentioned, your network Admin may be able to automate this across all machines on a network.

For FireFox, you should just be able to add an Exception the first time you browse to the site. You can also import the QVSourceCARoot CA into Firefox's certificate store.

On Safari on IOS (e.g. the iPad), you should also be able to opt to Trust the site/certificate the first time you visit it.

The procedure for other devices, e.g. Android tablets, may vary by device.

NOTE that you should also repeat 'Step 3: Trusting The QVSourceCARoot CA' for each machine where you are making reloads from QVSource using QlikView or Qlik Sense.


SSL with Qlik Sense 2.2

A user reported an issue when upgrading from Qlik Sense 2.1 to 2.2 whereby the reloads from Qlik Sense started failing over SSL although when making the requests to QVSource from a browser everything worked fine.

A message similar to the following appeared in the Qlik Sense logs:
Message: 'Unknown error' and additional debug info: 'download failed (SSL connect error)'

The resolution to this was to obtain a commercial SSL certificate for the server. This appears to be an issue related to Qlik Sense rather than QVSource at time of writing.

(QVSource works with Qlik Sense as well as QlikView - See this page for notes.)
QVSource - The QlikView & Qlik Sense API Connector | © Copyright 2011 - 2016 Industrial CodeBox Ltd