What does "the trustAnchors parameter must be non-empty" mean?

[laredotornado]

Hi,

I'm using Java 1.5 on Weblogic 9.2.2. I'm trying to securely connect
to an LDAP getting the error below ..

javax.naming.CommunicationException: simple bind failed:
ZZZZYYYYLDP01.cable.myco.com:636 [Root exception is
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected
error: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty]

Below is the code I'm using to connect to the LDAP server. Any ideas
what the error above means? Thanks, - Dave

Hashtable env = new Hashtable(5, 0.75f);
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
String ldapUser = name+"@" + this.domain;
env.put(Context.SECURITY_PRINCIPAL, ldapUser);
env.put(Context.SECURITY_CREDENTIALS, pass);
String activeDirURLStr = this.ACTIVE_DIR_SERVER;
try {
URL activeDirURL = new URL(this.ACTIVE_DIR_SERVER);
activeDirURLStr = activeDirURL.toString();
} catch (MalformedURLException mfe) {
log.error("Malformed URL Exception:" + this.ACTIVE_DIR_SERVER,
mfe);
} // catch
env.put(Context.PROVIDER_URL, activeDirURLStr);
env.put(Context.SECURITY_PROTOCOL, "ssl");

System.setProperty("javax.net.ssl.trustStore",keyStore);

env.put("com.sun.jndi.ldap.connect.timeout", this.ld_timeout);

// Create and initialize variables
InitialLdapContext context = null;
boolean result = false;
// try block to establish context and test username and password
try
{
// Creates a context to the primary server
context = new InitialLdapContext(env, null);

 

[EJP]

Below is the code I'm using to connect to the LDAP server. Any ideas
what the error above means? Thanks, - Dave

It usually means that JSSE couldn't find the truststore.

 

[laredotornado]

laredotornadowrote:

It usually means that JSSE couldn't find the truststore.

I have verified that the path I'm using here ...

System.setProperty("javax.net.ssl.trustStore",keyStore);

exists. However, the JKS file I'm using is a file I copied from our
Solaris servers to my local machine. Could that be a potential
problem? - Dave

 

[EJP]

I have verified that the path I'm using here ...

System.setProperty("javax.net.ssl.trustStore",keyStore);

exists.

In the current directory when you execute your Java code?

However, the JKS file I'm using is a file I copied from our
Solaris servers to my local machine. Could that be a potential
problem?

Nope.

 

[laredotornado]

laredotornadowrote:

In the current directory when you execute your Java code?

It is not in the current directory but "keyStore" is an absolute path
on my file system. I even have this code before I set that system
property ...

File keyStoreFile = new File(keyStore);
if (!keyStoreFile.exists()) {
log.error("The keystore file " + keyStore + " does not
exist.");
} // if

and no error gets printed in my log file, leading me to believe the
file exists, but I could be overlooking something.

Thanks for the continued help, -