18

Have to ask again. Someone thought it was a duplicate question and already answered and removed it from the list.

I'm using maven (mvn) batch command with windows (not m2e with eclipse) to run clean install or resolve dependencies. Sometimes, when pom.xml was changed, it is necessary to download artifacts from our nexus server. This used to work for long time for me.

But now the connection to the nexus server (https, the server uses a company owned certificate) fails with "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty" I know, I changed the Java release. But I'm pretty sure I maintained the cacerts keystore the same way I did with the previous releases. (at leased I compared the fingerprints in both of the cacerts; they are the same).

When running the command "mvn -s -Djavax.net.debug=all -Djava.net.ssl.trustStore="C:/Programme/Java/jre1.8.0_102/lib/security/cacerts" -Djavax.net.ssl.trustStorePassword=changeit dependency:resolve", the ssl-trace says:

keyStore is :    
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: No File Available, using empty keystore.
trustStore type is : jks
trustStore provider is : 
init truststore

Even if specifying the path and the password of the keystore in the command, the answer in the ssl trace is that it could not be found.

I've no idea what I might have changed to get to this trouble. I changed the Windows PATH-Statement, but this should not matter fro the previously described command. Any hint is appreciated

Community
  • 1
  • 1
Ulrich
  • 715
  • 2
  • 7
  • 25

8 Answers8

24

I had the same issue and it took me a day to solve it. This a java related issue as you may see in the error stack. Check in:

/etc/ssl/certs/java for the cacerts file.
1) If you don't have this file here that is the reason why your getting this error
2) If you do have this file here it means that this is probably not a valid cacerts file.

If you want you can update it with:
sudo apt-get install --reinstall ca-certificates
And if it works now, then perfect (in my case it did not work)

So to solve this:

  1. Download from open-jdk8 (in my case) directly from oracle
  2. Extract the tar.gz files
  3. Find the new valid cacerts file under jre/lib/security
  4. Copy this file to /etc/ssl/certs/java (removing the old one if that is your case)

Finally run the comand that caused you this error and hopefully its gone! Hope this helped.

Cheers

João Rodrigues
  • 766
  • 8
  • 12
  • 1
    Great! I had the same issue on Maven 5.3.2 and Oracle JDK 10.0.2. I downloaded tar.gz from Oracle website and updated the 'cacerts' via 'cp'. Worked like a charm. Thanks! – ŁukaszBachman Jul 25 '18 at 09:31
13

I manage manually my jdk and was getting this error with openjdk-8. I replaced the cacerts with the one of the openjdk-11 and it worked just fine. If you try this, make sure to backup your cacerts first.

Mariano LEANCE
  • 1,036
  • 13
  • 10
  • 3
    This is what worked for me. I had two fresh installs of openjdk: 8 and 11. I copied the jdk-11 certs into jdk-8 (and /etc/ssl/certs/java for good measure) and it worked. `sudo cp /space/tools/java/jdk-11/lib/security/cacerts /space/tools/java/jdk-8/jre/lib/security/cacerts` (ignore my strange dir structure) – Jason S May 04 '20 at 15:23
  • 1
    i suppose cert in openjdk-8 is out of date. I replace the cert with the file in openjdk-11 and it worked. – Yin Dec 08 '20 at 03:03
  • This is very counter intuitive, but this is the solution that worked for me – ihebiheb Sep 27 '21 at 20:00
4

Today I found the reason:

Way back in history I once had set the WINDOWS environment variable MAVEN_OPTS by "setx MAVEN_OPTS "-Djavax.net.ssl.trustStore....".

The path specified here does no longer exist.

It seems this setting supersedes even the request showed in my question. I consider this behaviour to be at least unexpected but anyway. When I fixed the environment variable (pointing to the new path; but I'm going to delete it anyway) the mvn-requests worked fine.

Ulrich
  • 715
  • 2
  • 7
  • 25
4

I faced the same issue on Windows. I had two Java installed. Oracle Java and OpenJDK and Maven was compiling with OpenJDK and it was giving this issue.

Since I wanted to continue compiling the source code using OpenJDK, to fix the issue, I specified the truststore path to Oracle JRE's cacerts library in the Maven command as follows.

mvn clean install -DskipTests -Djavax.net.ssl.trustStore=/path-to-oracle-java/jre/lib/security/cacerts
naga headhunter
  • 176
  • 1
  • 12
2

The fact that the invalid parameter in the environment was not overruled with the trustStore setting on the commandline, was probably due to the fact that there is a typo in your commandline. It says:

-Djava.net.ssl.trustStore=...

But this should have been:

-Djavax.net.ssl.trustStore=...
JorB
  • 21
  • 3
1

For those facing this issue on Windows, I had the same error when compiling build with maven on Windows10, after a lot of searching I came to realize that the java > jdk-x.x.x directory is missing lib/security/cacerts.

the error went away after copying cacerts file from the existing jre > lib/security directory (or download if not existing) to jdk > lib/security directory

Taslim Oseni
  • 6,086
  • 10
  • 44
  • 69
Saif
  • 11
  • 2
0

a more ez way to fix this problem: 1.go to download Corretto OpenJDK published by Amazon 2.install it according to its guide. 3.set to use this Java DK.

problem fixed in my Ubuntu 18.

wjxiz
  • 153
  • 1
  • 1
  • 12
0

I use Oracle JDK to replace OpenJDK, this problem was solved. By the way both version is 8.

Jelly Lee
  • 1
  • 1
  • 1
    As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Sep 03 '22 at 12:21