From: Peter Horlock on
Hi,

"out of the blue"
we are getting tons of "java.security.InvalidAlgorithmParameterException:
the trustAnchors parameter must be non-empty" Exceptions thrown on our
webserver (https).

The error occurrs (at least) in two situations:
a) We have a scropt that periodically calls an url on our webserver
b) When the server is in a certain state it contects to another https url
of an external resource. They say their certificate was still valid
(however we never exchanged any certificates, as far as I know)

On the web, I've found the following:
>http://forums.sun.com/thread.jspa?threadID=580496
>to solve this error I've generate a certificate :
>keytool -genkey -alias tomcat -keyalg RSA
>I've moved the file .keystore generated to
>/opt/sun-jdk1.5/jre/lib/security/ and rename it cacerts. (replace
>/opt/sun-jdk1.5 by the directory where you have installed java)

However, I don't understand - why would I have to do that -
When I visit the website I can see with Firefox that the website has a
valid certificate from veri sign. I haven't set it up personally, and the
guy(s) who have are not in the company anymore, so I am cautious of
touching anything (wrong).
The certificate still seems to be valid and our admins say no one has
touched anything whatsoever on the webserver, so why should I have to
touch the certificates??

Also, as far as I know the certificates created by the key tool are self
signed, so that would be less then what we already got.


Can you help me solving this very strange issue?

Thanks in advance,

Peter
From: EJP on
On 29/03/2010 8:25 PM, Peter Horlock wrote:
> we are getting tons of "java.security.InvalidAlgorithmParameterException:
> the trustAnchors parameter must be non-empty" Exceptions thrown on our
> webserver (https).

This strange message means among other things that the defined
truststore could not be opened. Your server won't normally be using a
truststore unless it is requesting client authentication or connecting
to other SSL servers, which would explain why it only happens
intermittently.
From: Peter Horlock on
Hi EJP,

could you be more concrete - how should I fix this issue then and how
comes the exception happened without any changes on our server???


Thanks in advance,

Peter

From: Lew on
Peter Horlock wrote:
> could you be more concrete - how should I fix this issue then and how
> comes the exception happened without any changes on our server???
>

Behaviors don't change by themselves; something in the environment
must have changed. Re-examine your assumptions.

EJP's answer gives you a lead or two into what might have changed.
Without being there personally, I doubt anyone here could do better
than that.

--
Lew


From: Roedy Green on
On Mon, 29 Mar 2010 11:25:29 +0200, Peter Horlock
<peter.horlock(a)googlemail.com> wrote, quoted or indirectly quoted
someone who said :

>"out of the blue"
>we are getting tons of "java.security.InvalidAlgorithmParameterException:
>the trustAnchors parameter must be non-empty" Exceptions thrown on our
>webserver (https).

Can you get a stack trace to see just where it is happening? Seeing
your code that triggered the exception would be a plausible next step.

Also try scanning the JDK for the string "trustAnchors parameter must
be non-empty". The surrounding code might give you a clue.
--
Roedy Green Canadian Mind Products
http://mindprod.com

If you tell a computer the same fact in more than one place, unless you have an automated mechanism to ensure they stay in sync, the versions of the fact will eventually get out of sync.