Our service communicates with several AWS services such as KMS. Deploying our Boxfuse AMI results in this error in the logs whenever our service tries to call out to one of these AWS services:

Unable to execute HTTP request: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
! java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Which I believe I've been able to trace back to being an SSL issue (we appear to be missing the appropriate root TLS certs).

We're using the Oracle JRE as described in the documentation by copying the JRE into the /src/main/resources directory. The JRE contains a cacerts file that should cover this, so I tried copying the cacerts file to /src/main/resources as described in the Boxfuse documentation:

You can, however, ship your own set of root certificates, by placing them in a KeyStore inside the Jar file as /cacerts. If you use Maven, this means your cacerts KeyStore file should be put into the src/main/resources directory.

However, I'm still getting the same error. Any ideas?

Sherms
  • Turn on the SSL debugging on the JVM (-Djavax.net.debug=ssl) and post here for review. Use the keytool to list the certs in $JAVA_HOME/jre/lib/security/cacert. Make sure the root CA in question is there. Do you know 100% what cacert file is being loaded at runtime? – Rodrigo Murillo Jun 15 '16 at 22:25

1 Answer

The latest released Boxfuse version fixed my issue. Thanks all!

Sherms
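
An added diagnostic for the check suggested in the comment above (not code from the posts or from Boxfuse): it reports how many trust anchors the running JVM actually loads and whether a /cacerts resource is present and readable on the classpath. The class name, the JKS keystore type and the stock "changeit" password are assumptions.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class; run it inside the same image/JRE as the failing service.
public class TrustAnchorCheck {

    // Number of CA certificates the JVM's default trust managers will accept.
    // Zero here is the condition behind "the trustAnchors parameter must be non-empty".
    static int defaultTrustAnchorCount() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = let the JVM pick its default trust store
        int count = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                count += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return count;
    }

    // Entries in a /cacerts keystore at the classpath root, or -1 if no such resource.
    static int classpathCacertsCount(char[] password) throws Exception {
        try (InputStream in = TrustAnchorCheck.class.getResourceAsStream("/cacerts")) {
            if (in == null) {
                return -1; // file was not packaged where the runtime looks for it
            }
            KeyStore ks = KeyStore.getInstance("JKS"); // assumed format of the copied cacerts
            ks.load(in, password); // throws IOException on a wrong password or corrupt file
            return ks.size();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.home                = " + System.getProperty("java.home"));
        System.out.println("javax.net.ssl.trustStore = "
            + System.getProperty("javax.net.ssl.trustStore"));
        int anchors = defaultTrustAnchorCount();
        System.out.println("default trust anchors    = " + anchors);
        // "changeit" is the stock cacerts password; replace it if yours differs.
        System.out.println("classpath /cacerts size  = "
            + classpathCacertsCount("changeit".toCharArray()));
        if (anchors == 0) {
            System.out.println("Trust store is empty or missing: every TLS handshake will fail.");
        }
    }
}
```

A non-zero /cacerts size combined with zero default trust anchors means the file is packaged but the JVM is not loading it.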