Skip to Main Content
Forums

Java APIs

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

trustAnchors parameter must be non-empty

843793Jul 31 2007 — edited Aug 1 2007
Hi,

I keep receiving this error when I try to run the client side of my RMI application using SSL from an applet.

When I run it from the same jar from the command line, it works fine.

The jar is signed by a thawte code signing certificate, and the RMI application is currently using the Sun sample keystore and truststore, though when I tried it with a 21 day Thawte test certificate, I got the same error.

The code signing certificate and the certificate used for authentication aren't in the same keystore, could this be a problem?

Because it works when it is not being an applet, I assume that the error is either a problem with my browser, or the applet code.

The error occurs for me in both Firefox and IE7.

Exception occured:error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at HelloImpl_Stub.sayHello(Unknown Source)
at HelloClient.<init>(HelloClient.java:116)
at applet.start(applet.java:57)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty


the applet code i use is this: 
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
 
public class applet extends JApplet
{
    public void start()
    {
         HelloClient app = new HelloClient();	    
	 app.setVisible(true);
    }
}
I tried using this piece of code after I imported my truststore into the cacerts file. 
String filename = System.getProperty("java.home")
+ "/lib/security/cacerts".replace('/', File.separatorChar);
String password = "changeit";
System.setProperty("javax.net.ssl.trustStore",filename);
System.setProperty("javax.net.ssl.trustStorePassword",password);
But I then got an error telling me :

unable to find valid certification path to requested target

I plan to purchase a proper CA certificate for authentication, but need to be sure the application will be running before I do that. Will using a cert from a CA that is in the trust certs list for both JVM and browsers solve this problem?
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Aug 29 2007
Added on Jul 31 2007
#remote-method-invocation-rmi
4 comments
4,102 views