How to disable SSL on KNIME server

Thanks Alexander.

This is what I did. I got the error message when I type https://:8443. It says “Server not reachable”. It only allows me to specify http://:8443. Do I need to register the certificate on my local laptop?

Thanks,

Vincent Zao

Hi Vincent,
http in combination with 8443 makes no sense, as KNIME Server listens for https connections on that port and on port 8080 for http. Can you share your server.xml so I can compare it to mine?
Kind regards,
Alexander

Thanks Alexander.

Attached is the server.xml <removed_file>

Hi,
the only relevant difference I see is the redirect port in line 66. Could you change that to 443 instead of 8443? I will also remove the server.xml you uploaded from your post because it contains your custom randomized shutdown token.
Kind regards,
Alexander

Thanks Alexander.

Line 66 is commented out. The SSL is defined in line 90:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/knime-dv-server.jks"
                     certificateKeystorePassword="changeit"
                     type="RSA" xpoweredBy="false" server="Apache TomEE" />
    </SSLHostConfig>
</Connector>

Should I uncomment the following section and change the redirectPort to 443?

 65     -->
 66         <!--
 67     <Connector compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/vnd.mason+json" compression="on" connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" server="Apache Tomcat" xpoweredBy="false"/>
 68         <Connector SSLEnabled="true" compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/vnd.mason+json" compression="on" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol" scheme="https" secure="true" server="Apache Tomcat">
 69             <SSLHostConfig protocols="all,-TLSv1,-SSLv3,-SSLv2Hello">
 70                 <Certificate certificateKeystoreFile="conf/knime-server.jks" certificateKeystorePassword="knimeknime" type="RSA"/>
 71             </SSLHostConfig>
 72         </Connector>
 73     -->

Thanks,

Vincent

Hi,
oh yes, I did not see that. The bottom part is the one that you should be using. It is the one configured by default. Please try it out!
Kind regards,
Alexander

Thanks Alexander.

This is where we started. That one is working for WebPortal but I cannot connect from Analytics Platform.

Anyway, I switched it back to port 8080. With port 8080, I can connect from WebPortal and Analytics Platform but I got the message “No JWT Builder found in request…”

Any suggestions?

Thanks,

Vincent

Hi,
another thing I just noticed: you need to give your own certificate and appropriate password. Please have a look at the guide here for SSL: https://docs.knime.com/2019-12/server_admin_guide/index.html#encrypted-communication. In your server.xml you have certificateKeystoreFile="conf/knime-dv-server.jks" certificateKeystorePassword="changeit", which is of course not correct. For the other issue, I will respond in the other topic right away!
Kind regards,
Alexander

Thanks Alexander.

Just to confirm:
You said:
“You need to give your own certificate and appropriate password”

Does this refer to the client side (Analytics Platform)?

Also, you said:

“In your server.xml you have certificateKeystoreFile="conf/knime-dv-server.jks" certificateKeystorePassword="changeit", which is of course not correct.”

Should I remove this?

Thanks,

Vincent

Hi,
can you use the attached server.xml file instead of yours? With that one both HTTP and HTTPS work on my server, both from AP and WebPortal.
Kind regards,
Alexander

Edit: Please make sure to change the shutdown attribute in the Server element to some random value for security reasons.

server.xml (8.9 KB)
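
An added example, not part of the thread or of KNIME's own tooling: a small Python audit of a server.xml for the points raised above (stock shutdown token, well-known keystore password, redirectPort without a matching TLS connector). The function name, finding ids and the sample file are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Java's stock keystore password plus the one quoted in this thread.
KNOWN_PASSWORDS = {"changeit", "knimeknime"}

# Constructed sample modelled on the fragments posted in this thread.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true">
      <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/knime-dv-server.jks"
                     certificateKeystorePassword="changeit" type="RSA"/>
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>"""


def audit_server_xml(xml_text):
    """Return (check_id, detail) findings for a Tomcat/TomEE server.xml."""
    # XML comments are dropped by the parser, so commented-out connectors are ignored.
    root = ET.fromstring(xml_text)
    findings = []
    # "SHUTDOWN" is Tomcat's stock command string; port -1 disables the listener.
    if root.get("port") != "-1" and root.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
        findings.append(("shutdown-token", f"stock command on port {root.get('port')}"))
    connectors = list(root.iter("Connector"))
    is_tls = lambda c: c.get("SSLEnabled", "false").lower() == "true"
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    for conn in connectors:
        port = conn.get("port")
        if is_tls(conn):
            for cert in conn.iter("Certificate"):
                if cert.get("certificateKeystorePassword") in KNOWN_PASSWORDS:
                    findings.append(("keystore-password",
                                     f"{port}: {cert.get('certificateKeystoreFile')}"))
            continue
        findings.append(("plaintext-connector", f"{port}: traffic is not encrypted"))
        redirect = conn.get("redirectPort")
        if redirect and redirect not in tls_ports:
            # Acceptable only when a proxy or port forward maps this port to TLS.
            findings.append(("redirect-port", f"{port} -> {redirect}: no TLS connector"))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit_server_xml(SAMPLE):
        print(f"{check_id:20} {detail}")
```

The redirect-port finding is informational: a redirectPort of 443 is valid when something in front of the server forwards 443 to the TLS connector.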

I’m sure he meant server but to answer your question, I always had to import the ssl cert into analytics platform JRE keystore to make https from analytics platform.

EDIT:
Maybe also relevant: connecting with SSL from KNIME 4 Analytics Platform to a KNIME 3 based server does not work for me, for an unknown reason. But then it shouldn’t be a surprise due to version mismatch.
It works with plain http.