I have an API which is accessible by a individual token, in order to generate it I need to call other API which in its first step (GET) uses a certificate file information in my machine (pfx file)…using a postman app I just import the certificate file and it’s work perfectly …but in KNIME I guess there is no way to import this file…I was wodering if even is there a way to get the certificate information (token) in order to inform it in parameters.
Is it possible?
I am sorry, I have given you the instructions to add your certificate to the cacerts which acts as a truststore. But you have to add this to a new keystore (as there is no one present per default) instead, import your certificate and add this keystore to the knime.ini after the -vmargs line via the following lines:
Tks, Michael…just to clarify, I need to create a new keystore like cacerts and import my pfx certificate in it, right?
Then I need to appoint the first command line to the created key store not for my pfx certicate, right?
Yes, there is a difference between truststore (here: cacerts) and a keystore. The first is to store trusted server certificates, the latter contains your own certificates to authenticate yourself.
The right way would be creating a keystore, import of your pfx certificate and then configure the KNIME Analytics Platform to use the keystore with the mentioned two lines in the knime.ini.
Edit: The format of the keystore can be either jks or pkcs12.
@rafaelfre1 Can you list the certificates within the keystore you created after importing the pfx?
keytool -v -list -keystore NAMEKEYSTORE.jks
I found another article/post about first converting the pfx to a JKS, then importing that jks into your create jks. Maybe the extra step is what is needed?
I was think, in postman when we import a certificate we inform a host and a port in addition to the certificate file, while in this procedure in KNIME we are informing only the certificate within java keystore. Maybe is there some missing information in this procedure?
Have you tried point KNIME to use the rapKeystore.jks?
In the knime.ini you can add the following properties, with your information, which will tell KNIME to use your jkjs file, and not the included cacerts file.
You can test if this works for you, and if so, then merging the keystore may be beneficial, as we provide a bunch of trusted certs and CA’s in the default cacerts file.
I stay a little bit confuse with this last sugestion, because at the first responses of my doubt from Michael He told me to import my pfx file to the cacerts trust store certificate within KNIME AP installation, then I made this importation and get the same error I have now (third mensage of this post). Then he told me that the correct procedure is to import this pfx file to a KeyStore not a trustStore. That’s why I stayed a lit bit confused with your suggestion.
But any way I made what you said I add those tow command line to point as a trustStore, but I got the same error, please, could you check if I made same mistake at the knime.ini file?