Roberto Alves

Reputation: 1

Micronaut Http Client PKIX and trustAnchors Certificate errors

I am using Windows OS, developing in IntelliJ IDE, using JDK 22 and Micronaut.

I am trying to integrate with an application that requires a custom trusted root CA certificate, and this started to generate the following error:

io.micronaut.http.client.exceptions.HttpClientException: Connect Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I accessed the following link and carried out the procedure to import the certificate:

"PKIX path building failed" and "unable to find valid certification path to requested target"

keytool -import -alias plocdvmap -keystore "C:\Users\alves153\.jdks\azul-21.0.3\lib\security\cacerts" -file plocdvmap.cer -storepass changeit

I tested whether my certificate had been installed in my JDK with the following command and verified that the certificate was there.

keytool -v -list -keystore "C:\Users\alves153\.jdks\azul-21.0.3\lib\security\cacerts" -alias plocdvmap -storepass changeit

But when I ran my test, I got the following error:

java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
io.netty.handler.codec.DecoderException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at app//io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:500)
    at app//io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
    at app//io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    at app//io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at app//io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at app//io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1407)
    at app//io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
    at app//io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at app//io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:918)
    at app//io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
    at app//io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
    at app//io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
    at app//io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
    at app//io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
    at app//io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:994)
    at app//io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at app//io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at [email protected]/java.lang.Thread.run(Thread.java:1583)
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:97)
    at java.base/sun.security.validator.Validator.getInstance(Validator.java:173)
    at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:308)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:183)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:254)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1296)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1195)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1138)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1273)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1260)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:714)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1205)
    at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1651)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1497)
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1338)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1387)
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
    ... 17 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
    at java.base/java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
    at java.base/java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
    at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:94)
    ... 37 more

Does anyone know how to fix it on Micronaut?

I tried to import the certificate in many ways, like:

keytool -trustcacerts -keystore "C:\Users\alves153.jdks\azul-21.0.3\lib\security\cacerts" -storepass changeit -importcert -alias plocdvmap -file certificate.crt

keytool -importcert -alias plocdvmap -keystore "C:\Users\alves153.jdks\azul-21.0.3\lib\security\cacerts" -file certificate.cer -storepass changeit

keytool -import -alias plocdvmap -keystore "C:\Users\alves153.jdks\azul-21.0.3\lib\security\cacerts" -file plocdvmap.cer -storepass changeit

With different formats: crt, cer

I tried adding these configurations to application.yaml as well:

micronaut:
  ssl:
    buildSelfSigned: false
    client:
      trust-store:
        path: 'C:\Users\alves153\.jdks\azul-21.0.3\lib\security\cacerts'
        password: 'changeit'

Upvotes: 0

Views: 149
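The exception in the trace is raised by PKIXParameters when the trust store it is given yields no trusted certificate entries. The following diagnostic is an added example, not part of the original question; the class name TrustStoreCheck and its arguments are assumptions. It prints which JDK is running and how many trust anchors a given store file actually provides.

```java
import java.io.File;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic (hypothetical class name). Run it with the same JDK that
// launches the application: java TrustStoreCheck <store-path> <password> [alias]
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        File file = new File(args[0]);
        char[] password = args[1].toCharArray();

        // Compare this with the JDK whose cacerts file was modified by keytool.
        System.out.println("java.home     = " + System.getProperty("java.home"));
        if (!file.isFile()) {
            System.out.println("store missing = " + file.getAbsolutePath());
            return;
        }

        // getInstance(File, char[]) probes the file, so JKS and PKCS12 both load.
        KeyStore store = KeyStore.getInstance(file, password);
        System.out.println("store type    = " + store.getType());

        // Only trustedCertEntry entries become trust anchors; key entries do not.
        int trusted = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (store.isCertificateEntry(alias)) trusted++;
        }
        System.out.println("trusted certs = " + trusted + " of " + store.size());

        try {
            PKIXParameters params = new PKIXParameters(store);
            System.out.println("trust anchors = " + params.getTrustAnchors().size());
        } catch (InvalidAlgorithmParameterException e) {
            // Same condition as in the stack trace: zero trusted certificate entries.
            System.out.println("PKIX failure  = " + e.getMessage());
        }

        if (args.length > 2) {
            Certificate cert = store.getCertificate(args[2]);
            System.out.println(cert instanceof X509Certificate
                    ? "alias subject = " + ((X509Certificate) cert).getSubjectX500Principal()
                    : "alias not found as X.509 certificate: " + args[2]);
        }
    }
}
```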

Answers (0)
