InvalidAlgorithmParameterException: trustAnchors parameter must be non-empty

Question

InvalidAlgorithmParameterException: trustAnchors parameter must be non-empty

I get this strange error from my java code:

java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

The command I used to create the keystore: keytool -genkey -alias tomcat -keystore keystore.jks

Here is my Java code:

import java.security.cert.PKIXParameters;
import java.security.KeyStore;
import java.io.FileInputStream;

public class MyKeyTest {
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        String password = "mypass";
        ks.load(new FileInputStream("keystore.jks"), password.toCharArray());
        new PKIXParameters(ks);
    }
}

I tried google for this error, but basically it says that this happens when the keystore is not found or not allowed to read.

But none of these two cases is true in my case. Any ideas?

+4

java keytool pki

bohanl May 27 '14 at 6:27

source share

1 answer

Sanjeev · Answer 1 · 2017-07-10T19:42:00+0000

A bit of a brief and simplified background, if this is not clear. The PKIXParameters object is used to verify the client certificate . This is a way to allow or deny access to your web resources. This usually works:

(CA), ( ).
( )
CA , . CA , .

keystore.jks - . ( ). ca,

keytool -import -alias <an alias for the CA cert> -file <the trusted CA cert> -keystore <your keystore>

CA ,

" " / "" / "" "".
" " (, " Microsoft" )
( msroot.cer).
keytool -import -alias msroot -file msroot.cer -keystore keystore.jks

, Java- keystore.jks, .

InvalidAlgorithmParameterException: trustAnchors parameter must be non-empty

More articles: