
What does "the trustAnchors parameter must be non-empty" mean?


laredotornado

Mar 17, 2009, 4:49:45 PM
Hi,

I'm using Java 1.5 on Weblogic 9.2.2. I'm trying to securely connect
to an LDAP and am getting the error below:

javax.naming.CommunicationException: simple bind failed:
ZZZZYYYYLDP01.cable.myco.com:636 [Root exception is
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected
error: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty]

Below is the code I'm using to connect to the LDAP server. Any ideas
what the error above means? Thanks, - Dave

Hashtable env = new Hashtable(5, 0.75f);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
String ldapUser = name + "@" + this.domain;
env.put(Context.SECURITY_PRINCIPAL, ldapUser);
env.put(Context.SECURITY_CREDENTIALS, pass);
String activeDirURLStr = this.ACTIVE_DIR_SERVER;
try {
    URL activeDirURL = new URL(this.ACTIVE_DIR_SERVER);
    activeDirURLStr = activeDirURL.toString();
} catch (MalformedURLException mfe) {
    log.error("Malformed URL Exception:" + this.ACTIVE_DIR_SERVER, mfe);
} // catch
env.put(Context.PROVIDER_URL, activeDirURLStr);
env.put(Context.SECURITY_PROTOCOL, "ssl");

System.setProperty("javax.net.ssl.trustStore", keyStore);

env.put("com.sun.jndi.ldap.connect.timeout", this.ld_timeout);

// Create and initialize variables
InitialLdapContext context = null;
boolean result = false;
// try block to establish context and test username and password
try
{
    // Creates a context to the primary server
    context = new InitialLdapContext(env, null);

EJP

Mar 17, 2009, 6:16:12 PM
laredotornado wrote:
> Below is the code I'm using to connect to the LDAP server. Any ideas
> what the error above means? Thanks, - Dave

It usually means that JSSE couldn't find the truststore.

laredotornado

Mar 18, 2009, 2:53:56 PM
On Mar 17, 4:16 pm, EJP <esmond.not.p...@not.bigpond.com> wrote:
> laredotornado wrote:
> > Below is the code I'm using to connect to the LDAP server. Any ideas
> > what the error above means? Thanks, - Dave
>
> It usually means that JSSE couldn't find the truststore.

I have verified that the path I'm using here ...

System.setProperty("javax.net.ssl.trustStore",keyStore);

exists. However, the JKS file I'm using is a file I copied from our
Solaris servers to my local machine. Could that be a potential
problem? - Dave

EJP

Mar 18, 2009, 7:45:01 PM
laredotornado wrote:
> I have verified that the path I'm using here ...
>
> System.setProperty("javax.net.ssl.trustStore",keyStore);
>
> exists.

In the current directory when you execute your Java code?

> However, the JKS file I'm using is a file I copied from our
> Solaris servers to my local machine. Could that be a potential
> problem?

Nope.

laredotornado

Mar 19, 2009, 9:47:22 AM
On Mar 18, 5:45 pm, EJP <esmond.not.p...@not.bigpond.com> wrote:
> laredotornado wrote:
> > I have verified that the path I'm using here ...
>
> > System.setProperty("javax.net.ssl.trustStore",keyStore);
>
> > exists.
>
> In the current directory when you execute your Java code?

It is not in the current directory but "keyStore" is an absolute path
on my file system. I even have this code before I set that system
property ...

File keyStoreFile = new File(keyStore);
if (!keyStoreFile.exists()) {
    log.error("The keystore file " + keyStore + " does not exist.");
} // if

and no error gets printed in my log file, leading me to believe the
file exists, but I could be overlooking something.

Thanks for the continued help, -
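
A check of what JSSE would actually find in the trust store, as an added example that is not part of the thread: it loads the file named by javax.net.ssl.trustStore and counts its trusted certificate entries, since a store with none produces this exception even when the file exists. The class name TrustStoreCheck and the command-line arguments are assumptions; it avoids Java 7 syntax to match the Java 1.5 runtime mentioned in the question.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.Collections;

// Added diagnostic, not code from the thread. Class name and arguments are assumptions.
public class TrustStoreCheck {

    // Only trusted-certificate entries count as trust anchors; key entries do not.
    static int countTrustAnchors(KeyStore ks) throws Exception {
        int anchors = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                anchors++;
            }
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java TrustStoreCheck <truststore.jks> [password]");
            return;
        }
        // Resolve against the JVM's working directory, as a relative property value would be.
        File file = new File(args[0]).getAbsoluteFile();
        System.out.println("path=" + file + " exists=" + file.exists()
                + " readable=" + file.canRead() + " bytes=" + file.length());

        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(file);
        try {
            // A null password loads the store without the integrity check.
            ks.load(in, args.length > 1 ? args[1].toCharArray() : null);
        } finally {
            in.close();
        }
        System.out.println("entries=" + ks.size() + " trustAnchors=" + countTrustAnchors(ks));

        try {
            new PKIXParameters(ks); // throws the same exception when no trusted certs exist
            System.out.println("OK: at least one trusted certificate entry");
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("Reproduced: " + e.getMessage());
        }
    }
}
```

Run it with the same JVM and the same path string the application passes to System.setProperty; a result of trustAnchors=0 means the file holds only key entries or is empty.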
