trustAnchors parameter

Thank youo very much for your response.

( First excuse me for my poor english ). In fac my error was not excatly similar. I've put my error bellow and my solution after.

**********************************************************************************************************************************

AxisFault

faultCode: {http://xml.apache.org/axis/}Server.userException

faultString: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

faultActor: null

faultDetail:

stackTrace: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1443)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1426)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1045)

at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:244)

at org.apache.axis.transport.http.HTTPSender.getSecureSocket(HTTPSender.java:156)

at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:116)

at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)

at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:156)

at org.apache.axis.SimpleChain.invoke(SimpleChain.java:126)

at org.apache.axis.client.AxisClient.invoke(AxisClient.java:182)

at org.apache.axis.client.Call.invokeEngine(Call.java:2113)

at org.apache.axis.client.Call.invoke(Call.java:2102)

at org.apache.axis.client.Call.invoke(Call.java:1851)

at org.apache.axis.client.Call.invoke(Call.java:1777)

at org.apache.axis.client.Call.invoke(Call.java:1315)

at steph.client.identification.WsSecureDirectoryBindingStub.authentify(WsSecureDirectoryBindingStub.java:121)

at steph.struts.WSLoginFacade.authentify(WSLoginFacade.java:42)

at steph.struts.LoginAction.execute(LoginAction.java:30)

at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:437)

at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:264)

at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1161)

at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:471)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)

at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)

at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)

at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)

at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)

at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)

at java.lang.Thread.run(Thread.java:595)

Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:56)

at sun.security.validator.Validator.getInstance(Validator.java:146)

at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:105)

at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:167)

at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)

at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)

at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)

... 45 more

Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:183)

at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:103)

at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:87)

at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:54)

... 56 more

javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at org.apache.axis.AxisFault.makeFault(AxisFault.java:120)

at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:134)

at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)

at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:156)

at org.apache.axis.SimpleChain.invoke(SimpleChain.java:126)

at org.apache.axis.client.AxisClient.invoke(AxisClient.java:182)

at org.apache.axis.client.Call.invokeEngine(Call.java:2113)

at org.apache.axis.client.Call.invoke(Call.java:2102)

at org.apache.axis.client.Call.invoke(Call.java:1851)

at org.apache.axis.client.Call.invoke(Call.java:1777)

at org.apache.axis.client.Call.invoke(Call.java:1315)

at steph.client.identification.WsSecureDirectoryBindingStub.authentify(WsSecureDirectoryBindingStub.java:121)

at steph.struts.WSLoginFacade.authentify(WSLoginFacade.java:42)

at steph.struts.LoginAction.execute(LoginAction.java:30)

at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:437)

at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:264)

at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1161)

at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:471)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)

at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)

at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)

at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)

at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)

at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)

at java.lang.Thread.run(Thread.java:595)

Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1443)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1426)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1045)

at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:244)

at org.apache.axis.transport.http.HTTPSender.getSecureSocket(HTTPSender.java:156)

at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:116)

... 42 more

Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:56)

at sun.security.validator.Validator.getInstance(Validator.java:146)

at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:105)

at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:167)

at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)

at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)

at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)

... 45 more

Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:183)

at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:103)

at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:87)

at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:54)

... 56 more

steph.struts.WSException: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

at steph.struts.WSLoginFacade.authentify(WSLoginFacade.java:47)

at steph.struts.LoginAction.execute(LoginAction.java:30)

at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:437)

at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:264)

at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1161)

at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:471)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)

at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)

at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)

at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)

at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)

at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)

at java.lang.Thread.run(Thread.java:595)

Jan 20, 2005 6:09:25 PM org.apache.struts.action.RequestProcessor processException

WARNING: null

************************************************************************************************************************************************

to solve this error I've generate a certificate :

keytool -genkey -alias tomcat -keyalg RSA

I've moved the file .keystore generated to /opt/sun-jdk1.5/jre/lib/security/ and rename it cacerts. (replace /opt/sun-jdk1.5 by the directory where you have installed java)

I've done all this step since a long time but I've haven't seen that my code indicate a false path for the keystore. (System.setProperty("javax.net.ssl.trustStore", .......))

So I removed this line and all worked fine.

ShadowShada at 2007-7-8 1:04:23 >

Hi, I had the same problem and this is the way I solved it:

I put the certstore in the classpath near a known class, for example es.fnmt.ceres.sample.class, then:

Url url=Class.forName("es.fnmt.ceres.sample").getResource(揷ertStore?;

String path= url.getPath());

System.setProperty("javax.net.ssl.trustStore",path);

It isn抰 a cute solution, but it worked for me.

Cheers

David.Sacristana at 2007-7-8 1:04:23 >

ok; I'm getting the error too. completely different situation. I'm trying to use a jira plug in for eclipse.

I went in and configured my plup in:

1. Go to the Jira site with IE

2. Double-click on the padlock icon in the bottom right of the screen.

3. In the 'Details' tab, click on Copy to file.

4. Follow the wizard and export the file as a DER encoded .cer file.

5. Import it into java's ca keystore (Open up a command prompt and type: keytool -import -file <file.cer>)

6. When prompted for a keystore password enter <password>

7. Add the following line to your eclipse.ini, or edit it if it is already in there:

-Djavax.net.ssl.trustStore=/Documents and Settings/<username>/.keystore

I tried that and the error I get when trying to connect with the server is: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

I have tried moving my .keystore fileout of my Documents and Settings path.

moved it to /trustStore/.keystore. still doesn't work.

At this point not sure how know that "JRE 1.5 or 1.6 url returns for path with space %20 instead of space character" can help me. Any help will be appreciated.

fgabrielcruza at 2007-7-8 1:04:23 >

Maybe you can try something like this, in order of avoid put the jks file with a class file...

String trustStorePath = ((HttpServletRequest) getFacesContext().getExternalContext().getRequest()).getSession().getServletContext().getRealPath("/WEB-INF/anystore.jks");

System.setProperty("javax.net.ssl.trustStore", trustStorePath);

I'm using faces, but it could be any httpservletrequest.

JuanFernandoa at 2007-7-8 1:04:24 >