Java Agent Fails to Connect to Contrast UI: trustAnchors parameter must be non-empty

Issue

The following error is seen when the Java agent is attempting to make a secure connection to the Contrast UI.

Problem resolving features with com.contrastsecurity.agent.features.%
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Cause

There can be many causes for this error, but it generally indicates that the JVM is unable to access the truststore.

Resolution

This problem can occur when the JVM is unable to find or access the truststore being passed to it. The first step in diagnosing the issue is to check the following:

  • Is a custom truststore being supplied (-Djavax.net.ssl.trustStore=)?
    • Is the file being pointed to accessible to the user running the JVM?
  • If this JVM property isn't in use, is the default Java truststore present on disk and accessible to the user running the JVM?
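
The checklist above can be scripted. This is an added example, not Contrast's own tooling: the function names and return codes are hypothetical, and the default lookup order (jssecacerts before cacerts under the Java home's lib/security directory) is the standard JSSE behaviour, with jre/ variants included for Java 8 JDK layouts.

```shell
#!/bin/sh
# Added example: find the truststore the JVM would use and check it.
# Function names and return codes are this example's own (hypothetical).

# Print the truststore path: the -Djavax.net.ssl.trustStore value if one is
# given, otherwise the first JSSE default that exists under the Java home.
# Returns 1 if no default truststore is on disk.
resolve_truststore() {
    custom=$1; java_home=$2
    if [ -n "$custom" ]; then
        printf '%s\n' "$custom"
        return 0
    fi
    for rel in lib/security/jssecacerts lib/security/cacerts \
               jre/lib/security/jssecacerts jre/lib/security/cacerts; do
        if [ -e "$java_home/$rel" ]; then
            printf '%s\n' "$java_home/$rel"
            return 0
        fi
    done
    return 1
}

# Check one truststore file as the current user.
# Returns 0 usable, 1 missing, 2 not readable by this user, 3 zero bytes.
check_truststore() {
    ts=$1
    if [ ! -e "$ts" ]; then
        echo "MISSING: $ts" >&2; return 1
    fi
    if [ ! -r "$ts" ]; then
        echo "UNREADABLE by $(id -un): $ts" >&2; return 2
    fi
    if [ ! -s "$ts" ]; then
        echo "ZERO BYTES: $ts" >&2; return 3
    fi
    echo "OK: $ts" >&2
    return 0
}

# Usage (run as the user that owns the JVM process):
#   ts=$(resolve_truststore "" "$JAVA_HOME") && check_truststore "$ts"
#   check_truststore /opt/ssl/customTrustStore.jks
```

Run it as the same user that starts the JVM, since a file readable by your login account may not be readable by the service account.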

You can read more about truststores on Oracle's site.

You can also run a couple of tests with the Contrast Agent itself to help further identify the problem:

Using the default truststore, run:

java -Djavax.net.debug=all -jar contrast.jar diagnostic

Using a custom truststore, run:

java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=/opt/ssl/customTrustStore.jks -jar contrast.jar diagnostic

The output from these commands will confirm whether the agent is able to make a successful connection to the Contrast UI.

If the output of these commands indicates that the agent is unable to connect to the Contrast UI, please use the Submit a Request link below and the Contrast Support team will be able to assist further.

Have more questions? Submit a request