SOAP Error - the trustAnchors parameter must be non-empty

Document ID : KB000113174
Last Modified Date : 11/12/2018
Show Technical Document Details
Issue:

We are facing a SOAP error whenever we XOG via a gel script. The error is:

Failed to send a SOAP message generated to 'https://rpm-dev.company.org/niku/xog'.java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at com.niku.union.gel.tags.soap.InvokeTag.doTag(InvokeTag.java:76)

Error in the CA PPM bg-ca.log is:

WARN 2018-09-11 02:36:04,907 [Custom script execution pool-7-thread-1] utils.Utils (clarity:admint:57841200__B52B1BBD-A3DA-48CF-9181-61295C8C3D8C:none) ----> The exception trace is too big to be attached to the process error message. Only a truncated exception trace will be attaced to the process error message. Here is the complete exception trace: org.apache.commons.jelly.JellyTagException: null:56:57: <soap:invoke> Failed to send a SOAP message generated to 'https://rpm-dev.company.org/niku/xog'.java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 
...
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 
...

NOTE:  This problem may also be intermittent.

Environment:
Any PPM environment using SSL and SOAP/XOG via a gel script.
Cause:
PPM cannot find needed information from the Java TrustStore (usually the CACerts file for Java)
Resolution:

Add the following jvm parameters to both the app and bg services.

-Djavax.net.ssl.trustStore=/apps/niku/jdk1.8.0_40/jre/lib/security/cacerts 
-Djavax.net.ssl.trustStorePassword=changeit 
-Djavax.net.ssl.trustAnchors=/apps/niku/jdk1.8.0_40/jre/lib/security/cacerts 

NOTE 1:  The path in this command should be appropriate to the OS used on the system.

EXAMPLES:

for Linux/Unix:  /apps/niku/jdk1.8.0_40/jre/lib/security/cacerts
for Windows: C:\\niku\jdk1.8.0_40\jre\lib\security\cacerts

NOTE 2:  Make sure that the jre folder being pointed to is in the same Java install specified in the CSA/Properties.xml file and that the trustStorePassword is the correct one for your cacerts file.