SSL/Java error.

gdoyle · December 14, 2020, 5:18pm

I am seeing a lot of errors when I’m trying to run my knime application. It loads fine and when I test my credentials it is fine, but when it tries to get access to our sharepoint site I am seeing some errors.

Unfortunately I am not familiar enough to understand if any of these errors are typical and can be ignored or if they are causing my issue.

I am seeing this:
ERROR SharePoint Online Connector (Labs) 0:603 Execute failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

And when I look in the knime.log file I see the following items:
2020-12-14 09:25:56,766 : ERROR : KNIME-Worker-25-SharePoint Online Connector (Labs) 0:603 : : Node : SharePoint Online Connector (Labs) : 0:603 : Execute failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:331)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:1010)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1079)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1400)

at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:336)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185)
at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.graph.httpcore.TelemetryHandler.intercept(TelemetryHandler.java:35)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.graph.httpcore.RedirectHandler.intercept(RedirectHandler.java:123)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.graph.httpcore.RetryHandler.intercept(RetryHandler.java:140)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.graph.httpcore.AuthenticationHandler.intercept(AuthenticationHandler.java:31)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229)
at okhttp3.RealCall.execute(RealCall.java:81)
at com.microsoft.graph.http.CoreHttpProvider.sendRequestInternal(CoreHttpProvider.java:356)
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:204)
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:184)
at com.microsoft.graph.http.BaseRequest.send(BaseRequest.java:306)
at com.microsoft.graph.requests.extensions.SiteRequest.get(SiteRequest.java:52)
at org.knime.ext.sharepoint.filehandling.node.SharepointConnectionSettings$SiteSettings.getParentSiteId(SharepointConnectionSettings.java:482)
at org.knime.ext.sharepoint.filehandling.node.SharepointConnectionSettings$SiteSettings.getTargetSiteId(SharepointConnectionSettings.java:453)
at org.knime.ext.sharepoint.filehandling.node.SharepointConnectionSettings.getSiteId(SharepointConnectionSettings.java:229)
at org.knime.ext.sharepoint.filehandling.fs.SharepointFileSystem.(SharepointFileSystem.java:141)
at org.knime.ext.sharepoint.filehandling.fs.SharepointConnection.(SharepointConnection.java:92)
at org.knime.ext.sharepoint.filehandling.node.SharepointConnectionNodeModel.execute(SharepointConnectionNodeModel.java:104)
at org.knime.core.node.NodeModel.executeModel(NodeModel.java:576)
at org.knime.core.node.Node.invokeFullyNodeModelExecute(Node.java:1236)
at org.knime.core.node.Node.execute(Node.java:1016)
at org.knime.core.node.workflow.NativeNodeContainer.performExecuteNode(NativeNodeContainer.java:558)
at org.knime.core.node.exec.LocalNodeExecutionJob.mainExecute(LocalNodeExecutionJob.java:95)
at org.knime.core.node.workflow.NodeExecutionJob.internalRun(NodeExecutionJob.java:201)
at org.knime.core.node.workflow.NodeExecutionJob.run(NodeExecutionJob.java:117)
at org.knime.core.util.ThreadUtils$RunnableWithContextImpl.runWithContext(ThreadUtils.java:334)
at org.knime.core.util.ThreadUtils$RunnableWithContext.run(ThreadUtils.java:210)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at org.knime.core.util.ThreadPool$MyFuture.run(ThreadPool.java:123)
at org.knime.core.util.ThreadPool$Worker.run(ThreadPool.java:246)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:450)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:317)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1670)
… 63 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:445)
… 69 more

ana_ved · December 16, 2020, 1:52pm

Hi @gdoyle

Welcome to the forum!

It seems that there is a certificate missing. Can you let me know what KNIME version are you using? Has this worked before for you?

Best wishes,
Ana

gdoyle · December 16, 2020, 8:52pm

Hey, @ana_ved.

I believe the version my team is using is currently 4.2.3.

I have seen references to a certificate being missing, but I am not sure if that is a certificate on my local machine or if that is a certificate on the server side. Is it possible for you to elaborate on where you think the certificate may be missing?

This did work previously, but then my computer had issues and the tech department had to essentially reimage the machine. If the certificate is something local to my machine, it is possible that they did not put it back on. When my computer came back they also put me on a different VPN solution. The rest of my team uses the old VPN solution and are working without issues still.

This clouds the issue a bit, but I really think it is a certificate issue at this point.

Thanks.

ana_ved · December 18, 2020, 10:53am

Hi @gdoyle

Thank you for the additional information.

I did have some research in the topic and I think the change in the VPN could be the root cause here. Perhaps there is a misconfiguration in the new VPN solution that could be causing this. I would recommend you for now to ask for the IT department if they could verify the current configuration.

Please let me know if they can help you with that, and if so, it this solves the problem.

Best wishes,
Ana

gdoyle · December 18, 2020, 1:22pm

@ana_ved, according to that department there is nothing showing as being blocked/denied on the network, so they are saying it is clear. They have looked for several days and tested several times and see no blocks/denies.

Can you elaborate on the certificate issue you mentioned before?

Thanks.

ana_ved · December 18, 2020, 2:38pm

Hi @gdoyle

Ok. So if the VPN is not the root cause, what could be that you need to add the certificate needs to be known by KNIME – otherwise you run into this specific type of error. To do this, you need to install the correct key in the cacerts store of the KNIME jre enviroment.

Here we have a very nice explanation of another user who did this to a key for his database. But you can also see how to this if you look at this part of our document (specially the part that says “client side”)

You just need to first download the certificate as PEM format. You can find some tutorials how to do this depending on the browser you are using.

Does your company has a specific KNIME installation download link? It could be that they ship their own specific certificates needed for your connection to sharepoint already, and perhaps if you download from knime.com this certificate is missing.

Please let me know if now it is a bit clearer.

gdoyle · December 18, 2020, 9:56pm

@ana_ved, Thank you so much. My computer admins will have to review and hopefully get these certificates installed as required!

system · June 19, 2021, 9:56am

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.