Java.Security.Invalidalgorithmparameterexception: the Trustanchors Parameter Must Be Non-Empty on Linux, or Why Is the Default Truststore Empty

Error - trustAnchors parameter must be non-empty

This bizarre message means that the trustStore you specified was:

• empty,
• not found, or
• couldn't be opened
  
  • (due to wrong/missing trustStorePassword, or
  • file access permissions, for example).

See also @AdamPlumb's answer below.

java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty on Linux, or why is the default truststore empty

The standard Sun JDK for linux has an absolutely ok cacerts and overall all files in the specified directory. The problem is the installation you use.

Error - trustAnchors parameter must be non-empty

This bizarre message means that the trustStore you specified was:

• empty,
• not found, or
• couldn't be opened
  
  • (due to wrong/missing trustStorePassword, or
  • file access permissions, for example).

See also @AdamPlumb's answer below.

Maven Error: (repeated) java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Today I found the reason:

Way back in history I once had set the WINDOWS environment variable MAVEN_OPTS by
"setx MAVEN_OPTS "-Djavax.net.ssl.trustStore....".

The path specified here does no longer exist.

It seems this setting supersedes even the request showed in my question. I consider this behaviour to be at least unexpected but anyway. When I fixed the environment variable (pointing to the new path; but I'm going to delete it anyway) the mvn-requests worked fine.

Maven: trustAnchors parameter must be non-empty and 'parent.relativePath' @ InvalidAlgorithmParameterException @ Non-resolvable parent POM

According to what I found out there is a weakness in the distribution package on Ubuntu Linux for OpenJDK Java 9 and above. So installing default-jdk may break things.

Citation from: (https://bugs.launchpad.net/ubuntu/+source/openjdk-lts/+bug/1768799) + additional certificate updates.

Note that re-installing default-jdk is optional and openjdk-8 could be continually to be used.

Workaround: remove default-jdk, install openjdk-8, remove openjdk-8 and reinstall default-jdk:

sudo apt purge openjdk-default java-common

sudo apt purge default-jdk java-common

sudo dpkg --purge --force-depends ca-certificates-java

sudo apt install openjdk-8-jre

sudo apt-get install ca-certificates-java

sudo apt purge openjdk-8-jre

sudo apt install default-jdk

After this i also found out that the version of Spring I was using didn't run well on Java 10.0.1 so back to Java 8.x for that purpose.

iTunes Autoingestion error: the trustAnchors parameter must be non-empty

It turns out that my linux machine's distribution of Java didn't have a copy of the cacerts file which contains the necessary SSL certs. I grabbed a copy from my Mac and installed it on my linux server it is working fine now.

I discovered the answer on this SO post: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty on Linux, or why is the default truststore empty

---

Related Topics