What does "the trustAnchors parameter must be non-empty" mean?

Discussion in 'Java' started by laredotornado, Mar 17, 2009.

  1. Hi,

    I'm using Java 1.5 on Weblogic 9.2.2. I'm trying to securely connect
    to an LDAP getting the error below ..

    javax.naming.CommunicationException: simple bind failed:
    ZZZZYYYYLDP01.cable.myco.com:636 [Root exception is
    javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected
    error: java.security.InvalidAlgorithmParameterException: the
    trustAnchors parameter must be non-empty]

    Below is the code I'm using to connect to the LDAP server. Any ideas
    what the error above means? Thanks, - Dave

    Hashtable env = new Hashtable(5, 0.75f);
    env.put(Context.INITIAL_CONTEXT_FACTORY,
    "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    String ldapUser = name+"@" + this.domain;
    env.put(Context.SECURITY_PRINCIPAL, ldapUser);
    env.put(Context.SECURITY_CREDENTIALS, pass);
    String activeDirURLStr = this.ACTIVE_DIR_SERVER;
    try {
    URL activeDirURL = new URL(this.ACTIVE_DIR_SERVER);
    activeDirURLStr = activeDirURL.toString();
    } catch (MalformedURLException mfe) {
    log.error("Malformed URL Exception:" + this.ACTIVE_DIR_SERVER,
    mfe);
    } // catch
    env.put(Context.PROVIDER_URL, activeDirURLStr);
    env.put(Context.SECURITY_PROTOCOL, "ssl");

    System.setProperty("javax.net.ssl.trustStore",keyStore);

    env.put("com.sun.jndi.ldap.connect.timeout", this.ld_timeout);

    // Create and initialize variables
    InitialLdapContext context = null;
    boolean result = false;
    // try block to establish context and test username and password
    try
    {
    // Creates a context to the primary server
    context = new InitialLdapContext(env, null);
     
    laredotornado, Mar 17, 2009
    #1
    1. Advertising

  2. laredotornado

    EJP Guest

    laredotornado wrote:
    > Below is the code I'm using to connect to the LDAP server. Any ideas
    > what the error above means? Thanks, - Dave


    It usually means that JSSE couldn't find the truststore.
     
    EJP, Mar 17, 2009
    #2
    1. Advertising

  3. On Mar 17, 4:16 pm, EJP <> wrote:
    > laredotornadowrote:
    > > Below is the code I'm using to connect to the LDAP server.  Any ideas
    > > what the error above means?  Thanks, - Dave

    >
    > It usually means that JSSE couldn't find the truststore.


    I have verified that the path I'm using here ...

    System.setProperty("javax.net.ssl.trustStore",keyStore);

    exists. However, the JKS file I'm using is a file I copied from our
    Solaris servers to my local machine. Could that be a potential
    problem? - Dave
     
    laredotornado, Mar 18, 2009
    #3
  4. laredotornado

    EJP Guest

    laredotornado wrote:
    > I have verified that the path I'm using here ...
    >
    > System.setProperty("javax.net.ssl.trustStore",keyStore);
    >
    > exists.


    In the current directory when you execute your Java code?

    > However, the JKS file I'm using is a file I copied from our
    > Solaris servers to my local machine. Could that be a potential
    > problem?


    Nope.
     
    EJP, Mar 18, 2009
    #4
  5. On Mar 18, 5:45 pm, EJP <> wrote:
    > laredotornadowrote:
    > > I have verified that the path I'm using here ...

    >
    > > System.setProperty("javax.net.ssl.trustStore",keyStore);

    >
    > > exists.

    >
    > In the current directory when you execute your Java code?


    It is not in the current directory but "keyStore" is an absolute path
    on my file system. I even have this code before I set that system
    property ...

    File keyStoreFile = new File(keyStore);
    if (!keyStoreFile.exists()) {
    log.error("The keystore file " + keyStore + " does not
    exist.");
    } // if

    and no error gets printed in my log file, leading me to believe the
    file exists, but I could be overlooking something.

    Thanks for the continued help, -






    >
    > > However, the JKS file I'm using is a file I copied from our
    > > Solaris servers to my local machine.  Could that be a potential
    > > problem?

    >
    > Nope.
     
    laredotornado, Mar 19, 2009
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Pratip Mukherjee

    Help: what does this VHDL code mean?

    Pratip Mukherjee, Jun 22, 2005, in forum: VHDL
    Replies:
    16
    Views:
    1,308
    Kim Enkovaara
    Jun 27, 2005
  2. Li Ma
    Replies:
    1
    Views:
    2,360
    Roedy Green
    Mar 9, 2009
  3. Rahul
    Replies:
    4
    Views:
    623
    Robert Kern
    Apr 7, 2009
  4. Peter Horlock
    Replies:
    17
    Views:
    14,158
  5. C Barrington-Leigh
    Replies:
    1
    Views:
    1,277
    Tim Leslie
    Sep 10, 2010
Loading...

Share This Page