{"id":14977,"date":"2018-04-10T10:38:42","date_gmt":"2018-04-10T17:38:42","guid":{"rendered":"https:\/\/ephesoft.com\/docs\/?p=14977"},"modified":"2020-08-26T16:14:47","modified_gmt":"2020-08-26T23:14:47","slug":"kb00021767-java-security-invalidalgorithmparameterexception-the-trustanchors-parameter-must-be-non-empty","status":"publish","type":"post","link":"https:\/\/ephesoft.com\/docs\/kb00021767-java-security-invalidalgorithmparameterexception-the-trustanchors-parameter-must-be-non-empty\/","title":{"rendered":"KB00021767: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"},"content":{"rendered":"
Issue Description:<\/strong><\/p>\n If you are observing below Error message when Ephesoft is configured over https in tomcat and truststore & keystore are referencing to same jks file which doesn’t contain any CA Certificate .<\/p>\n 2018-04-03 14:26:23,092 [main] ERROR org.apache.coyote.http11.Http11NioProtocol- Failed to initialize end point associated with ProtocolHandler [“https-jsse-nio-443”] Component:<\/strong><\/p>\n Tomcat<\/p>\n <\/p>\n Ephesoft Version:<\/strong><\/p>\n Ephesoft 4.5.0.0<\/p>\n <\/p>\n Solution<\/strong>:<\/p>\n If we use same .jks file as a keystore and as a truststore, then the server start up is failing with following error : java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty. Also if you are not using PIV\/CAC, so you are not required to set truststoreFile option in connector settings. Issue Description: If you are observing below Error message when Ephesoft is configured over https in tomcat and truststore & […]<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12337],"tags":[1291,944,727,1290],"yoast_head":"\n
\n\u00a0Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty<\/strong><\/em>
\nat java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) ~[?:1.8.0_144]
\nat java.security.cert.PKIXParameters.<init>(PKIXParameters.java:157) ~[?:1.8.0_144]
\nat java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:130) ~[?:1.8.0_144]
\nat org.apache.tomcat.util.net.jsse.JSSEUtil.getParameters(JSSEUtil.java:368) ~[tomcat-coyote.jar:8.5.23]
\nat org.apache.tomcat.util.net.jsse.JSSEUtil.getTrustManagers(JSSEUtil.java:292) ~[tomcat-coyote.jar:8.5.23]
\nat org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113) ~[tomcat-coyote.jar:8.5.23]
\n… 20 more<\/p>\n
\nKeystore is to store the ServerCerts and TrustStore is to store the CA certs. On adding at least one CA certificate in the .jks, above issue will be resolved.<\/p>\n
\nAlso, the change in behaviour b\/w 4120\/4130 and 4500 is because of Tomcat version upgrade.<\/p>\n","protected":false},"excerpt":{"rendered":"