Secure Chats, Securely: Understanding QliqChat’s Certificate Pinning

At QliqSOFT, security is at the heart of everything we do. With QliqChat, our HIPAA-compliant communication platform, we ensure that conversations stay private, authenticated, and protected—no matter where you are.

One of the lesser-known, but incredibly powerful ways we do that is through certificate pinning. In this post, we'll explain what that means, how we implement it in QliqChat, and what you or your IT team can do if a certificate issue arises.

✅ What is Certificate Pinning?

Certificate pinning is a security technique that locks an app to a specific SSL/TLS certificate or public key. Instead of trusting any certificate issued by a valid Certificate Authority (CA), QliqChat is hardcoded to only trust one or more specific certificates known to be valid and secure.

This protects against:

• Man-in-the-middle (MITM) attacks, even if a rogue CA issues a malicious cert.
• Network interception or SSL inspection by unauthorized third parties.
• Misconfigured or compromised corporate proxies presenting spoofed certs.

🛡️ QliqChat’s Approach to Pinning

Unlike many apps that rely on the operating system’s CA trust store, QliqChat uses strict certificate pinning on all platforms (mobile and desktop). The app is configured to:

• Trust only QliqSOFT-owned and -managed certificates.
• Reject certificates even if they appear valid or are issued by a reputable CA.
• Drop connections immediately if the cert doesn’t match the pinned version.

This helps ensure that only trusted, direct, and secure connections are ever made from QliqChat.

🛠️ Troubleshooting Certificate Pinning Issues

Occasionally, this strong security posture can result in connection issues—especially in network environments with SSL interception, outdated system clocks, or improperly configured security tools.

Here are the most common causes and how to address them:

1. ⚠️ Certificate Error on Login Screen

• If you see an error like “Invalid Certificate” when launching QliqChat, that’s a likely sign of a pinning mismatch.
• One quick clue: Check the certificate's validity period. If it shows a certificate valid for an unusually long time—sometimes up to 12 years—it’s likely not a QliqSOFT certificate.
  
  • These are often signs of intercepting firewalls, antivirus TLS proxies, or custom root CAs injected into the network.

2. 🔥 Firewall and Network Security Tools

• Firewalls or SSL inspection tools that terminate and re-encrypt traffic break pinning.
• Fix: Ensure traffic to QliqChat domains is excluded from TLS inspection.
• Domains to whitelist include:
  
  • app.qliqsoft.com
  • msg.qliqsoft.com
  • *.qliqsoft.com

3. 🧱 Antivirus or Endpoint Protection Software

• Some endpoint security solutions insert themselves into HTTPS traffic.
• Fix: Temporarily disable AV or create exceptions for QliqChat. If the issue resolves, update AV settings to avoid intercepting QliqChat traffic.

4. 🕰️ System Clock is Out of Sync

• An incorrect system time causes the certificate to appear expired or not yet valid.
• Fix: Sync your device with an internet time server or NTP source.

5. 💻 Outdated App or OS Version

• Old builds may pin to an outdated cert.
• Fix: Update to the latest version of QliqChat from official sources.

6. 🔄 Try a Quick Reset

• Close and relaunch QliqChat.
• Reboot your device or switch to a different network to rule out localized issues.

7. 🧹 Flush DNS Cache

Stale DNS data can cause misrouting or stale certs:

• Windows: ipconfig /flushdns
• macOS: sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder

🧩 What to Provide When Contacting Support

If you’ve gone through the above steps and still have issues, reach out to our support team with the following:

• Your organization name
• QliqChat version and platform (Windows/macOS/iOS/Android)
• A screenshot or description of the error
• Whether you’re behind a corporate firewall, VPN, or proxy
• Any recent network or antivirus updates

📬 Contact: support@qliqsoft.com

🔍 Final Thoughts: Why This Matters

Certificate pinning isn’t always visible, but it’s a powerful security control. It ensures that when you're using QliqChat:

• Your data is going exactly where it should.
• No third party can silently intercept or tamper with your traffic.
• Your organization is aligned with the highest standards in data protection.

At QliqSOFT, we’ll always favor security-first decisions, even when they occasionally require an extra step in troubleshooting. Our support and engineering teams are here to help if you run into any obstacles.

🛡️ Secure Chats. Securely. That’s the QliqSOFT way.