Maven: trustAnchors parameter must be non-empty and 'parent.relativePath' @ InvalidAlgorithmParameterException @ Non-resolvable parent POM
Asked Answered
C

2

7

I'm new to Maven and Spring.

The project runs in my local test environment, but not on the deployed system. On deployed system: I got a fresh installed Ubuntu with OpenSDK 10.0.1, Maven 3.5.2 I'm behind a different firewall and have a different keyStore and trustStore.

Maven spits out:

Non-resolvable parent POM for org.[%mything%].app:useraut:0.0.1-SNAPSHOT: Could not transfer artifact org.springframework.boot:spring-boot-starter-parent:pom:1.5.9.RELEASE from/to central (https://repo.maven.apache.org/maven2): java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty and 'parent.relativePath' points at no local POM @ line 14, column 10 -> [Help 2]

pom snipet:

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.9.RELEASE</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>

(no proxy defined)

It seems I can find ideas for the solution: Error - trustAnchors parameter must be non-empty But I have no clue where to begin configuring Spring, Maven or trustStore

Clubby answered 28/5, 2018 at 18:14 Comment(2)
I was also struggling with this since 24 hours. Just came across @jsn's comment here - #6784963. I thought it might be helpful to you.Searcy
Make sure that you have backup of existing cacerts file which might be useful in future incase you come across some other issue.Searcy
C
12

According to what I found out there is a weakness in the distribution package on Ubuntu Linux for OpenJDK Java 9 and above. So installing default-jdk may break things.

Citation from: (https://bugs.launchpad.net/ubuntu/+source/openjdk-lts/+bug/1768799) + additional certificate updates.

Note that re-installing default-jdk is optional and openjdk-8 could be continually to be used.

Workaround: remove default-jdk, install openjdk-8, remove openjdk-8 and reinstall default-jdk:

sudo apt purge openjdk-default java-common

sudo apt purge default-jdk java-common

sudo dpkg --purge --force-depends ca-certificates-java

sudo apt install openjdk-8-jre

sudo apt-get install ca-certificates-java

sudo apt purge openjdk-8-jre

sudo apt install default-jdk

After this i also found out that the version of Spring I was using didn't run well on Java 10.0.1 so back to Java 8.x for that purpose.

Clubby answered 1/6, 2018 at 22:42 Comment(0)
L
1

Basically it is about ca-certificates-java. It is even more frustrating when you obtain the JDK outside linux distro repositories.

Here I got the clue from: http://rabexc.org/posts/certificates-not-working-java

I modified the bash script in the comment

CACERTS="/home/user/cacerts"
cd /etc/ssl/certs
for file in *.pem; do
   echo "Importing $file..."
   openssl x509 -outform der -in "$file" -out /tmp/certificate.der
   keytool -import -alias "$file" -keystore $CACERTS \
           -file /tmp/certificate.der -deststorepass changeit -noprompt
done

Modify the the first line to suit yourself. I run it on debian, for other system you might need to change the second line as well.

Then I copy the "cacerts" file into JDK which lies on $JAVA_HOME/jre/lib/security/cacerts

Lepidosiren answered 20/10, 2019 at 5:13 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.