TransferFile Node - hostname not verified error

zeru · August 9, 2021, 1:13am

Hi,
I have a SharePoint Online Connector Node that connects with my OneDrive, and a TransferFile node to download files. But When I run this workflow on KNIME Server, I always get hostname xxx.my-sharepoint.com not verified error throw by TransferFile node. How can I make this site verified or trusted by knime server?

Thanks

wkhan · August 9, 2021, 3:47pm

Hi @zeru

Can you provide the full error? Does it by chance contain “PKIX”?

Regards,
Wali Khan

zeru · August 10, 2021, 12:08am

Hi, here is the full error message:

" * ERROR Transfer Files 6021:1217: Execute failed: Hostname mycompanydomain-my.sharepoint.com not verified: certificate: sha256/xxxsome encryped codexxx= DN: CN=.azureedge.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US subjectAltNames: [.azureedge.net, *.media.microsoftstream.com, *.origin.mediaservices.windows.net, *.streaming.mediaservices.windows.net]"

I am trying to use TrasferFile node to transfer files from OneDrive to worklflow’s data tmp folder.

wkhan · August 10, 2021, 3:53pm

Hi Zeru,

I believe this is an SSL issue. You’ll need to import the certificate into the Executor/Analytics Platform certificates. Scroll down to the Client-Side portion for the steps. KNIME Server Administration Guide

You can get the certificate you need from a browser like Chrome if you go to the sharepoint site.

Hope that helps!
Wali

zeru · August 11, 2021, 12:53am

Hi,@wkhan

Cause this error happens when the workflow is running on server side.
So I will first need to get the certificate file from SharePoint and OneDrive, then import the file into the server if I want KNIME Server to trust SharePoint or OneDrive?

What if I have more than one sites to trust, do I just simply put more nodes into config files?

Thanks,
Zeru

zeru · August 11, 2021, 1:26am

When I try to save the certificate to file, I saw 3 types of file export, which one should I choose?
a) DER encode binart X.509(.cer),
b) Base-64 encoded X.509 (.CER) or
c) Cryptographic Message Syntax Standard-PKCS #7 Certificates (.P7B)

wkhan · August 11, 2021, 4:10pm

Hi Zeru,

Yes exactly you need to import the certificate into the Server/Executor. KNIME runs on Java and if Java recognizes the certificate usually everything goes through well, but we run into this issue when Java does not recognize the certificate.

If you have more than one site you need to trust, it might be that Java already recognizes the certificate. If it doesn’t you’ll need to import the certificate.

You can export it as either .CER format, but you’ll need to convert it to .pem. You can do this with Java’s Keytool or something like OpenSSL.

Regards,
Wali Khan

zeru · August 13, 2021, 6:43am

Hi, Wali,

I’ve imported the pem into KNIME executor, and restarted the executor. But I still get that error. Is there anything I missed?

Thanks,
Zeru

wkhan · August 16, 2021, 8:38pm

Hi Zeru,

I think you need to add the DNS name for Sharepoint in the subjectAltNames in the Certificate. It doesn’t look like any of the alternative names match for Sharepoint.

Regards,
Wali Khan

system · August 23, 2021, 8:38pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.