Welcome Guest, you are in: Login

QVSource: The QlikView & Qlik Sense API Connector (Docs)

Web Edition Doc Quick Links
QVSource Web Edition is now commercially available should be used - if you are still using the WinForms edition please upgrade now as this is deprecated and will no longer be supported after the 22nd May 2016.

You should find most of the documentation on this wiki for the WinForms edition of QVSource still applies, particularly the connector specific pages (ignoring the minor UI differences).

The following are the most important Web Edition specific pages:

  • Web Edition Overview - A short introduction to the new QVSource Web Edition including the benefits and high level differences.
  • Getting Started - A guide on running the QVSource Web Edition in its simplest mode (e.g. servicing requests from localhost only with no user authentication).
  • Example Deployment Scenarios - Some example diagrams showing how QVSource Web Edition might be deployed with QlikView and Qlik Sense.
  • Advanced Configuration - How to perform advanced configuration of QVSource, for example allowing remote access and setting up users.
  • User Management - How to manage users.
  • Upgrading from WinForms Edition - How to upgrade.
  • SSL Configuration - How to set up a test SSL certificate so that traffic between your browser (or QlikView/Qlik Sense) is encrypted.
  • Troubleshooting - Read this page first if you are having trouble running QVSource.
  • Cloud Hosted Demo - Information on a cloud host demo edition we are currently testing out.


If you are allowing remote access to QVSource it is recommended that you also set it up so that the traffic to and from QVSource is encrypted using SSL.

To do this you first need to set the RequireSSL element in deploy.config to 'true'. Let's suppose we have done this and configured QVSource to run on port 5556.

Initially, when we try to browse to https://your_server_name:5556/web with QVSource running we have no access because there is no SSL certificate bound to this endpoint:

Image

The following instructions give a guide on how SSL can be setup.

Please note however that as this is not a QVSource specific feature, i.e. there is no additional code, other than to start the service at a https address rather than http, in QVSource to enable this. Because this is a Windows level feature, we do not currently officially support this and we would recommend you consult your network/server admin in order to get this setup in a manner which is robust enough for your specific network and infrastructure. What follows is a guide for demo/test purposes.

Note that these steps are taken largely from the excellent post here.


Step 1: Obtain Makecert.exe

You will need the Makecert utility which is available either as part of Visual Studio or as part of the Windows SDK.

From the page here:

The Certificate Creation tool generates X.509 certificates for testing purposes only. It creates a public and private key pair for digital signatures and stores it in a certificate file. This tool also associates the key pair with a specified publisher's name and creates an X.509 certificate that binds a user-specified name to the public part of the key pair.

And:

'This tool is automatically installed with Visual Studio and with the Windows SDK. To run the tool, we recommend that you use the Visual Studio Command Prompt or the Windows SDK Command Prompt (CMD Shell). These utilities enable you to run the tool easily, without navigating to the installation folder.'

In our example we are running from the Visual Studio Command Prompt where we can simply type 'makecert' and verify that it is available:

Image

We now navigate to the root c: drive and type:
mkdir qvsourcessl
cd qvsourcessl

To create and then navigate to a new directory c:\qvsourcessl:

Image

Step 2: Create Your Own CA (Certificate Authority)

We now create a new text file and copy the following two lines in:
makecert.exe -n "CN=QVSourceCARoot" -r -pe -a sha512 -len 4096 -cy authority -sv QVSourceCARoot.pvk QVSourceCARoot.cer
pvk2pfx.exe -pvk QVSourceCARoot.pvk -spc QVSourceCARoot.cer -pfx QVSourceCARoot.pfx -po mypassword


Note the password in here. You may wish to change this and ensure that the two .cmd files created in this guide are deleted at the end. However, as noted above, this guide is really only for demo/test purposes.

Save this as 'CreateCARoot.cmd' in c:\qvsourcessl.

Now in the command prompt type: createcaroot

You should see something like the following:

Image

And then in the background a password prompt (this might take a few moments to appear):

Image

In this example we will opt not to enter anything here and just accept the following:

Image

Our c:\qvsourcessl directory should now look something like this:

Image

Double clicking on 'QVSourceCARoot.cer' should show the following, note that this certificate authority is untrusted:

Image

Step 3: Trusting The QVSourceCARoot CA

NOTE: We will usually (depending on the browser) need to distribute the file 'QVSourceCARoot.cer' to other machines which need to access QVSource and repeat the same steps below so that they also trust this certificate authority. A network admin might be able to roll this out automatically across a windows domain using a group policy or similar.

To trust it, type MMC into the Windows search box and hit enter. In the empty window which appears, choose the Add/Remove Snap-in option:

Image

Then select the 'Certificates' Snap-in:

Image

And choose 'Computer account':

Image

Finish the Wizard and then right click on the Certificates nodes under 'Trusted Root Certification Authorities', selecting the 'Import...' option as shown:

Image

Browse to the file c:\qvsourcessl\QVSourceCARoot.cer generated above:

Image

And complete the wizard. You should now see that QVSourceCARoot is listed:

Image

And double clicking this shows that it is no longer untrusted:

Image

Step 4: Create SSL Certificate

Create a new text file in c:\qvsourcessl and paste in the following:
makecert.exe -n "CN=%1" -iv QVSourceCARoot.pvk -ic QVSourceCARoot.cer -pe -a sha512 -len 4096 -b 01/01/2014 -e 01/01/2040 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -sv %1.pvk %1.cer
pvk2pfx.exe -pvk %1.pvk -spc %1.cer -pfx %1.pfx -po mypassword


Note again the password in here. You may wish to change this and ensure that the two .cmd files created in this guide are deleted at the end. However, as noted above, this guide is really only for demo/test purposes.

And save the file as 'CreateSSLCert.cmd'.

You should now go back to your command prompt and type:
createsslcert your_server_name

It is important that here you replace your_server_name with the machine name of (or name you will be using to access) the server which will be running QVSource. This is because the name is embedded in the SSL certificate and if it does not match the name you will be using to browse to QVSource, e.g.:
https://your_server_name:5556/web

Then you will receive SSL certificate errors.

The following shows what happens when we run the above command:

Image

Again we are prompted for a username and password:

Image

And we simply click Yes to proceed without entering a password:

Image

You should now have the SSL certificate files in c:\qvsourcessl:

Image

Now right click on the Certificates node under 'Personal' and choose 'Import...':

Image

And browse to the your_server_name.pfx file created above:

On the next step, enter 'mypassword' (assuming you didn't change it in the two lines copied to the CreateSSLCert.cmd file):

Image

Complete the import wizard and you should find the certificate is now installed:

Image

It is trusted automatically because your QVSourceCARoot that signed it is trusted and has a private key corresponding to this certificate.

Now, on the Details tab take a copy of the thumbprint value which we will need below:

Image

Note that when you paste it (in the step below), it will likely contain gaps in:
‎71 20 1e 38 c2 3c e9 78 65 da 89 db 39 59 44 db 24 52 19 7f

Make sure that you remove these spaces before using it below, i.e.:
‎71201e38c23ce97865da89db395944db2452197f

Step 3: Bind SSL Certificate

In your command prompt you can now run:
netsh http show sslcert ipport=0.0.0.0:5556

To confirm that there is not already an SSL binding. The result should look like this:

Image

If there is, you should be able to remove it by running:
netsh http delete sslcert ipport=0.0.0.0:5556

To bind the SSL certificate you can then enter the following into the command prompt, remembering to replace the certhash with your thumbprint value from above:
netsh http add sslcert ipport=0.0.0.0:5556 certhash=‎71201e38c23ce97865da89db395944db2452197f appid={004FC337-C805-4623-8E5B-B2FCE18F0719}

If you wish you can generate your own appid Guid.

PLEASE NOTE that if you copy and then paste the command into the command prompt it will likely add an incorrect ? as highlighted below:

Image

You should delete this before pressing enter. If the command runs successfully you should see the following:

Image

You can then run:
netsh http show sslcert ipport=0.0.0.0:5556

Again and verify the binding:

Image

Step 4: Test On Local Machine

You should now find if you browse to:
https://your_server_name:5556/web

With QVSource running the page now loads correctly:

Image

And shows a padlock icon indicating a proper SSL connection. This means that the traffic between the browser and QVSource is now encrypted.

Step 5: Install CA (Certificate Authority) On Other Machines

If however you try to browse to:
https://your_server_name:5556/web

From another machine you will see an SSL certificate error or warning (the nature of which will depend on the browser). This is because the browser has no knowledge of or trust relationship with the QVSourceCARoot certificate authority we created at the start.

For Internet Explorer and Chrome you should repeat 'Step 3: Trusting The QVSourceCARoot CA' for each machine you are accessing QVSource from. As mentioned, your network Admin may be able to automate this across all machines on a network.

For FireFox, you should just be able to add an Exception the first time you browse to the site. You can also import the QVSourceCARoot CA into Firefox's certificate store.

On Safari on IOS (e.g. the iPad), you should also be able to opt to Trust the site/certificate the first time you visit it.

The procedure for other devices, e.g. Android tablets, may vary by device.

NOTE that you should also repeat 'Step 3: Trusting The QVSourceCARoot CA' for each machine where you are making reloads from QVSource using QlikView or Qlik Sense.

Troublesshooting

SSL with Qlik Sense 2.2

A user reported an issue when upgrading from Qlik Sense 2.1 to 2.2 whereby the reloads from Qlik Sense started failing over SSL although when making the requests to QVSource from a browser everything worked fine.

A message similar to the following appeared in the Qlik Sense logs:
Message: 'Unknown error' and additional debug info: 'download failed (SSL connect error)'

The resolution to this was to obtain a commercial SSL certificate for the server. This appears to be an issue related to Qlik Sense rather than QVSource at time of writing.


(QVSource works with Qlik Sense as well as QlikView - See this page for notes.)
QVSource - The QlikView & Qlik Sense API Connector | © Copyright 2011 - 2016 Industrial CodeBox Ltd