Bootstrap FreeKB - Tomcat - Resolve "the trustAnchors parameter must be non-empty"
Tomcat - Resolve "the trustAnchors parameter must be non-empty"
Updated:   |  Tomcat articles

Let's say the following stack trace is being captured in your Tomcat application servers catalina.log file.

13-Apr-2022 00:00:58.820 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
        org.apache.catalina.LifecycleException: Protocol handler initialization failed
        Caused by: java.lang.IllegalArgumentException: the trustAnchors parameter must be non-empty

 

This typically occurs when:

  • The Tomcat application server is using a truststore that contains 0 entries
  • The Tomcat application server has an invalid password for the truststore
  • The truststore could be be read

 

As an example, let's say your Tomcat application servers the ${tomcat_install_root}/bin/setenv.sh has the following. Notice in this example that the truststore file is trust.p12.

TRUSTSTORE="-Djavax.net.ssl.trustStore=/path/to/trust.p12"
TRUSTSTORE_PASSWORD="-Djavax.net.ssl.trustStorePassword=itsasecret"

 

The Java keytool command can be used to list the certificates in the truststore. Check to see if the password in setenv.sh can be used to read the truststore and check if the truststore "contains 0 entries".

~]# keytool -keystore /path/to/trust.p12 -storetype pkcs12 -list
Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 0 entries

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 179fc9 in the box below so that we can be sure you are a human.