From: Peter Horlock on 29 Mar 2010 05:25 Hi, "out of the blue" we are getting tons of "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty" Exceptions thrown on our webserver (https). The error occurrs (at least) in two situations: a) We have a scropt that periodically calls an url on our webserver b) When the server is in a certain state it contects to another https url of an external resource. They say their certificate was still valid (however we never exchanged any certificates, as far as I know) On the web, I've found the following: >http://forums.sun.com/thread.jspa?threadID=580496 >to solve this error I've generate a certificate : >keytool -genkey -alias tomcat -keyalg RSA >I've moved the file .keystore generated to >/opt/sun-jdk1.5/jre/lib/security/ and rename it cacerts. (replace >/opt/sun-jdk1.5 by the directory where you have installed java) However, I don't understand - why would I have to do that - When I visit the website I can see with Firefox that the website has a valid certificate from veri sign. I haven't set it up personally, and the guy(s) who have are not in the company anymore, so I am cautious of touching anything (wrong). The certificate still seems to be valid and our admins say no one has touched anything whatsoever on the webserver, so why should I have to touch the certificates?? Also, as far as I know the certificates created by the key tool are self signed, so that would be less then what we already got. Can you help me solving this very strange issue? Thanks in advance, Peter
From: EJP on 29 Mar 2010 05:39 On 29/03/2010 8:25 PM, Peter Horlock wrote: > we are getting tons of "java.security.InvalidAlgorithmParameterException: > the trustAnchors parameter must be non-empty" Exceptions thrown on our > webserver (https). This strange message means among other things that the defined truststore could not be opened. Your server won't normally be using a truststore unless it is requesting client authentication or connecting to other SSL servers, which would explain why it only happens intermittently.
From: Peter Horlock on 29 Mar 2010 08:17 Hi EJP, could you be more concrete - how should I fix this issue then and how comes the exception happened without any changes on our server??? Thanks in advance, Peter
From: Lew on 29 Mar 2010 15:10 Peter Horlock wrote: > could you be more concrete - how should I fix this issue then and how > comes the exception happened without any changes on our server??? > Behaviors don't change by themselves; something in the environment must have changed. Re-examine your assumptions. EJP's answer gives you a lead or two into what might have changed. Without being there personally, I doubt anyone here could do better than that. -- Lew
From: Roedy Green on 29 Mar 2010 15:55 On Mon, 29 Mar 2010 11:25:29 +0200, Peter Horlock <peter.horlock(a)googlemail.com> wrote, quoted or indirectly quoted someone who said : >"out of the blue" >we are getting tons of "java.security.InvalidAlgorithmParameterException: >the trustAnchors parameter must be non-empty" Exceptions thrown on our >webserver (https). Can you get a stack trace to see just where it is happening? Seeing your code that triggered the exception would be a plausible next step. Also try scanning the JDK for the string "trustAnchors parameter must be non-empty". The surrounding code might give you a clue. -- Roedy Green Canadian Mind Products http://mindprod.com If you tell a computer the same fact in more than one place, unless you have an automated mechanism to ensure they stay in sync, the versions of the fact will eventually get out of sync.
|
Next
|
Last
Pages: 1 2 3 4 Prev: BufferedReader vs NIO Buffer Next: Jetty 5.1 Multiple Contexts with 1 war |