Maven Error: (repeated) java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Question

Have to ask again. Someone thought it was a duplicate question and already answered and removed it from the list.

I'm using maven (mvn) batch command with windows (not m2e with eclipse) to run clean install or resolve dependencies. Sometimes, when pom.xml was changed, it is necessary to download artifacts from our nexus server. This used to work for long time for me.

But now the connection to the nexus server (https, the server uses a company owned certificate) fails with "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty" I know, I changed the Java release. But I'm pretty sure I maintained the cacerts keystore the same way I did with the previous releases. (at leased I compared the fingerprints in both of the cacerts; they are the same).

When running the command "mvn -s -Djavax.net.debug=all -Djava.net.ssl.trustStore="C:/Programme/Java/jre1.8.0_102/lib/security/cacerts" -Djavax.net.ssl.trustStorePassword=changeit dependency:resolve", the ssl-trace says:

keyStore is :    
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: No File Available, using empty keystore.
trustStore type is : jks
trustStore provider is : 
init truststore

Even if specifying the path and the password of the keystore in the command, the answer in the ssl trace is that it could not be found.

I've no idea what I might have changed to get to this trouble. I changed the Windows PATH-Statement, but this should not matter fro the previously described command. Any hint is appreciated

Answer 1

I use Oracle JDK to replace OpenJDK, this problem was solved. By the way both version is 8.

Answer 2

For those facing this issue on Windows, I had the same error when compiling build with maven on Windows10, after a lot of searching I came to realize that the java > jdk-x.x.x directory is missing lib/security/cacerts.

the error went away after copying cacerts file from the existing jre > lib/security directory (or download if not existing) to jdk > lib/security directory

Answer 3

I faced the same issue on Windows. I had two Java installed. Oracle Java and OpenJDK and Maven was compiling with OpenJDK and it was giving this issue.

Since I wanted to continue compiling the source code using OpenJDK, to fix the issue, I specified the truststore path to Oracle JRE's cacerts library in the Maven command as follows.

mvn clean install -DskipTests -Djavax.net.ssl.trustStore=/path-to-oracle-java/jre/lib/security/cacerts

Answer 4

I manage manually my jdk and was getting this error with openjdk-8. I replaced the cacerts with the one of the openjdk-11 and it worked just fine. If you try this, make sure to backup your cacerts first.

Answer 5

a more ez way to fix this problem: 1.go to download Corretto OpenJDK published by Amazon 2.install it according to its guide. 3.set to use this Java DK.

problem fixed in my Ubuntu 18.

Answer 6

I had the same issue and it took me a day to solve it. This a java related issue as you may see in the error stack. Check in:

/etc/ssl/certs/java for the cacerts file.
1) If you don't have this file here that is the reason why your getting this error
2) If you do have this file here it means that this is probably not a valid cacerts file.

If you want you can update it with:
sudo apt-get install --reinstall ca-certificates
And if it works now, then perfect (in my case it did not work)

So to solve this:

1. Download from open-jdk8 (in my case) directly from oracle
2. Extract the tar.gz files
3. Find the new valid cacerts file under jre/lib/security
4. Copy this file to /etc/ssl/certs/java (removing the old one if that is your case)

Finally run the comand that caused you this error and hopefully its gone! Hope this helped.

Cheers

Answer 7

The fact that the invalid parameter in the environment was not overruled with the trustStore setting on the commandline, was probably due to the fact that there is a typo in your commandline. It says:

-Djava.net.ssl.trustStore=...

But this should have been:

-Djavax.net.ssl.trustStore=...

Answer 8

Today I found the reason:

Way back in history I once had set the WINDOWS environment variable MAVEN_OPTS by "setx MAVEN_OPTS "-Djavax.net.ssl.trustStore....".

The path specified here does no longer exist.

It seems this setting supersedes even the request showed in my question. I consider this behaviour to be at least unexpected but anyway. When I fixed the environment variable (pointing to the new path; but I'm going to delete it anyway) the mvn-requests worked fine.