. Advertisement .
. Advertisement .
“Java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty” is a common error that many programmers encounter. It show up in many ways. What is the cause of it and how to fix it? Let’s read this article. We will help you answer these answers.
When does the error “java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty” occur?
When you run your program, you easily can encounter the following error:
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be
When using the HTTPS protocol to connect Artifactory to a remote endpoint, this problem frequently happens. Additionally, the problem will only occur if you attempt to connect to an application that supports SSL or that is hosted by a load balancer or reverse proxy that supports SSL. The error message will be returned in such cases. The constructor also raises the anticipated exception. In other words, when there are no trustworthy certificates in the specified KeyStore, it is not feasible to construct an instance of the PKIXParameters class.
How to fix the error “java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty”
Method 1: Use the following command:
To check whether the SSL certificates, which are utilized by Xray or any other remote endpoint, are signed by itself or if a certain certificate has been signed by a recognized certificate authority, you can use the following command:
openssl s_client -showcerts -connect myxray.com:443
If any of your certificates are self-signed, you must adhere to the requirements in the following sections to import them into your Java trusted keystore (cacerts). If you get the error message above despite the SSL cert being certified by a well-known certificate authority (such as GoDaddy, GlobalSign,Symantec, DigiCert, etc.), it’s possible that your Artifactory instance is referring to an invalid truststore. The Java option “-Djavax.net.ssl.trustStore=/home/path/to/cacerts” can be used to verify this.
For a service installation of Artifactory, in the default file located in the $ARTIFACTORY HOME/etc/ folder. If this option is set in the default file, Artifactory will utilize the “cacerts” location specified in the java option rather than the default java truststore located in $JAVA HOME/lib/security/cacerts. When attempting to connect to an HTTPS endpoint, an error would be generated if the “cacerts” file provided in the java option is invalid.
Method 2: Check to make sure that the HTTP connector’s certificate truststore file
Excepting the solution mentioned above, there is anotther solution for you to solve the error “java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty”. Let’s follow these steps:
Check to make sure that the HTTP connector’s certificate truststore file, which is configured in server.xml using the truststorefile argument, is not empty. Use the following command instead:
keytool -list -keystore <truststore file>
There must be at least one entry in the keystore. Add one trustworthy certificate using the following command if the trust store is empty:
keytool -import -alias <alias> -file <certificate file> -storetype JKS -keystore tomcat-certstore.jks
Alternatively, let’s use the default PASOE truststore found at CATALINA BASE/conf/tomcat-certstore.jks (Copy the document to CATALINA BASE/conf, then make the necessary server.xml configuration changes.) In the case the certificates truststore file for the HTTP connecto are exists.
Has the appropriate read permissions set up so that the PASOE instance can open and read the contents of the file.
Method 3: Delete the Java option from your configuration file
Your Java parameters are set in the artifactory.default file located in the $ARTIFACTORY HOME/bin/ folder if your Artifactory case is a standalone zip installation. If your Java option has been set up to point to a certain cacerts location, check this file to determine if it has been done so. Here is a link that illustrates where the Artifactory java settings are configured according to the installation type: Installing Artifactory If so, either delete the Java option from your configuration file or set it to point to the location of your valid cacerts file. Restart Artifactory after that. By removing the java option -Djavax.net.ssl.trustStore, Artifactory will be forced to use the $JAVA HOME/lib/security/cacerts default truststore.
For individuals who are still confused by this error “java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty” the solutions listed above are the quickest. We believe that with these knowledge you can easily solve your problem. If you still need help or have any questions, we have a thriving community where everyone is always willing to help. Finally, we wish you a successful day filled with new solutions and code.