Resolving Common KNIME Certificates Problems
Resolving Common KNIME Certificates Problems
Learn how to resolve common certificates errors in KNIME Analytics Platforms.
The best place to get the certificate is from your IT Department.
KNIME AP cacerts Locations:
Windows: {knime-ap-location}/plugins/org.knime.binary.jre.{version}/jre/lib/security/cacerts
Mac: {knime-ap-location}/contents/eclipse/plugins/org.knime.binary.jre.macosx.{some-version}
Command used:
keytool -import -trustcacerts -alias {ca-alias-can-be-anything} -file {certificate-file.cer} -keystore {path-to-cacerts-file}
Default keystore password: “changeit”
Content
3.907 -> Hey there, my name is Wali Khan, with KNIME, and today we're going to be talking about resolving common certificate errors.
10.482 -> So, when we use KNIME
Server or Analytics Platform to integrate
13.57 -> with other systems we'll occasionally run
into an issue with certificates.
17.9 -> KNIME uses Java under the hood, and if Java
recognizes the signing body for a certificate
22.48 -> everything runs smoothly, but if Java doesn't recognize the signing body it will throw
26.779 -> an error.
28.34 -> This is common when using self-signed certifcates.
31.25 -> The error we get states something about PKIX
path building failed: unable to find a valid
36.879 -> certification path. Whenever we see this error,
we need to import the certificate into our
41.51 -> Java cacerts file.
42.929 -> If you're getting this error when installing
KNIME extensions, or after following these
46.989 -> steps you re likely behind a proxy that is
denying the requests or has many rotating certificates.
53.129 -> Let's open up our Analytics Platform to see
an example.
56.399 -> Here I'm making a REST call to a KNIME Server
that has a self-signed certificate, and when
60.881 -> I run this POST node I'll get a PKIX error
back in the console.
64.45 -> I'm using the KNIME Server as an example,
but this could happen when integrating with
68.1 -> any service like Tableau, PowerBI or a database.
71.96 -> To resolve this issue we just need to import
our certificates into our cacerts file.
78.5 -> The easiest way to get our certificate is
to download it using a browser.
82.03 -> I'm using Chrome here.
83.18 -> I just need to go to the URL I'm trying to
integrate with, which is a KNIME Server in
87.68 -> this case, and you can see that even Chrome
doesn't like our certificate.
92.08 -> To get our certificate
Click the Not Secure on the left side of the
94.89 -> nav bar or you might have a lock symbol if
you ve already trusted this certificate in
99.47 -> your browser.
101.27 -> I'll drag the certificate file onto my desktop
to get a .cer certificate.
107.61 -> Now that we have our certificate, we need
to import it into our cacerts file.
111.89 -> KNIME Analytics Platform and Executors come
packaged with their own JRE, but KNIME Server
116.53 -> depends on an external Java installation.
119.61 -> For complete coverage we'll want import the
downloaded certificate into all locations.
124.39 -> The process is the same in either case.
128.53 -> To import the certificate into KNIME AP we
need to go to our installation directory in
132.52 -> a terminal. I'm on a Mac, so its under Applications,
KNIME, Contents, Eclipse. and, then /plugins/org.knime.binary.jre.macosx.
146.873 -> for our KNIME Analytics Platform which will contain our cacerts file.
153.609 -> On Windows and Linux the directory is different-
see the path I put on the screen.
159.123 -> Then we'll run this command: keytool -import
164.42 -> -trustcacerts -alias and this alias is arbitrary
I'm just calling it knime server, -file and
170.79 -> path to our downloaded .cer certificate -keystore
and we want to import into the cacerts file
178.389 -> in this directory.
181.143 -> We need to enter the keystore's password which
is changeit by default and then hit 'yes'. This
186.51 -> should be good enough for just the Analytics
Platform, but we'll do the same for our other
190.219 -> Java environments like the KNIME Server for
full coverage.
194.462 -> I have a KNIME server running, and I'll import the
certificate here as well.
198.392 -> I'll navigate to where Java is installed.
200.434 -> /usr/lib/jvm/java-11-openjdk-amd64/ in my
case, and in there will be a lib/security
209.879 -> directory containing our cacerts file.
213.099 -> We run the same command as before and go test.
216.437 -> So keytool -import -trustcacerts -alias and
any alias \ -file and path to our .cer file
224.931 -> which I scp ed over to this server
-keystore and our path to our cacerts file
231.95 -> which is in this current directory.
234.92 -> Enter the password which is changeit by default
So we re done with importing, let's go back
240.269 -> to our Analytics Platform to test.
244.047 -> I'll run the same POST Node again and now
we ll see that it goes through okay without
248.129 -> an error in the console.
254.684 -> In this video we've seen how to import certificates
into KNIME.
257.44 -> This is a common issue we'll come across when
integrating with self-signed certificates
261.62 -> on other systems.
262.62 -> If you have any questions feel free to put
them into the comments section.
266.19 -> Thanks for watching!
Source: https://www.youtube.com/watch?v=FYD17GbNZsk