Skip to main content
  • EN

I have an FME workspace that sends me an email during certain error conditions. This works great on my remote laptop, but fails on my onsite desktop machine. The FME workspace needs to be run nightly on my desktop machine. This means that I won’t get the email (and won’t be notified of the error conditions).

 

On my desktop machine, I get this error message: ERROR_DURING_PROCESSING

<class 'requests.exceptions.SSLError'>: HTTPSConnectionPool(host='graph.microsoft.com', port=443): Max retries exceeded with url: /v1.0/me/sendMail (Caused by SSLError(SSLCertVerificationError(1, 'rSSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1000)')))

 

The only difference I can think of is that my laptop use a VPN connection and my desktop machine is on the company network. I contacted someone in our IT department and they want to know the name of the certificate which I don’t know.

Does anyone have ideas on how to resolve this? 

Thanks, Chuck

Sorry, ignore the below, just realized you specifically mentioned the Email Transformer in the title.

Interesting that the URL mentioned in the error is graph.microsoft.com. I’d have guessed the server being used would be smtp.office365.com



-----------------------------------------------------------------------------------------------------------------

Assuming this is using an HTTPCaller? Under SSL/TLS you can set Verify SSL Certificate to No. This should resolve this problem

 

 

Could it be that the onsite machine is going through an enterprise proxy with an expired certificate?

I agree that disabling certificate validation in the HTTPCaller (if you’re using it) might be a workaround, but it’s not recommend in production due to potential security issues.

You can verify the certificate chain by opening this address, which I based on the error message, in your browser from the onsite machine:

https://graph.microsoft.com/v1.0/me/sendMail

And then selecting “view certificate” in your browser. The exact way to do this depends on your browser. You’ll want to check the validity of all the referenced certificates, in particular if they’re not from either DigiCert or Microsoft.

Thank you for the responses. I neglected to mention that I’m using Microsoft for my Email Service.

I entered https://graph.microsoft.com/v1.0/me/sendMail on both my onsite desktop machine and remote laptop, and both gave the following.

 "error": {    "code": "InvalidAuthenticationToken",    "message": "Access token is empty.",

Using Google Chrome, I drilled down to “Three Dots Menu > More Tools > Developer Tools , then clicked the "Security" tab. The cert is valid and trusted (on both machines). 

At this point, I’m thinking of using a Gmail account. It’s very useful to receive an email when my workspace produces certain error conditions.

Seconding what David said, could well be a proxy

Looking into that url, its not an SMTP Service, rather a REST API
https://learn.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=http
so should you instead be using an HTTPCaller?


Or are you using the Microsoft Mail webservice that comes with FME? You can disable SSL Verification under the parameters drop down
 

 

If you are using this, its best to setup you own Web Service (not using the default one) so you have full control over the client and app id.

My Microsoft Mail parameters were similar but different from yours. I turned off Verify HTTPS Certs and it worked!! Thank you very much.

 

Reply


Community Stats

30,108
Posts
114,295
Replies
37,743
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.