Issue
The following error is seen when the Java agent is attempting to make a secure connection to the Contrast UI.
Problem resolving features with com.contrastsecurity.agent.features.%
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Cause
There can be many causes for this error but generally it indicates an inability to access the truststore.
Resolution
This problem can occur when the JVM is unable to find or access the truststore being passed to it. The first step in diagnosing the issue is to check the following:
- Is a custom truststore being supplied (-Djavax.net.ssl.truststore=)?
- Is the file being pointed to accessible to the user running the JVM?
- If this JVM property isn't in use, is the default Java truststore accessible to the user running the JVM and on disk?
You can read more on Oracle's site about truststore
You can also run a couple of tests with the Contrast Agent itself to help further identify the problem:
Using default truststore, run:
java -Djavax.net.debug=all - jar contrast.jar diagnostic
Using a custom truststore, run:
java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=/opt/ssl/customTrustStore.jks -jar contrast.jar diagnostic
The output from these commands will confirm whether the agent is able to make a successful connection to the Contrast UI.
If the output of these commands indicates that the agent is unable to connect to the Contrast UI, please use the Submit a Request link below and the Contrast Support team will be able to assist further.