Saturday, September 17, 2011

Java Error InvalidAlgorithmParameterException: the trustAnchors on EC2 Amazon Jenkins

InvalidAlgorithmParameterException: the trustAnchors on EC2 Amazon

This error occurs when the Gmail certificate is not included in the cacerts file under JAVA_HOME, or when Apache Tomcat does not know where to find the trusted cacerts file. In either case, here is the complete procedure to fix it.


[root@server1 ~]# echo $JAVA_HOME
/usr/lib/jvm/java

[root@server1 ~]$ openssl s_client -connect smtp.gmail.com:465 </dev/null > /tmp/smtp.cert

(openssl is available by installing the openssl package.)

This saves the server's certificate, along with the rest of the connection output, to /tmp/smtp.cert.

Edit /tmp/smtp.cert and remove everything before and after the following tags (both the BEGIN CERTIFICATE and END CERTIFICATE lines must be kept):
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Now import the file /tmp/smtp.cert to JAVA_HOME cacerts

[root@server1 ~]# $JAVA_HOME/bin/keytool -import -alias smtp.gmail.com -keystore $JAVA_HOME/jre/lib/security/cacerts -file /tmp/smtp.cert

It will ask for a password the first time; make sure you remember this password.

You can list the entries in cacerts to check that the import worked; the number of entries increases:

[root@server1 ~]# $JAVA_HOME/bin/keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts

Now, if you are using Tomcat or any other application based on Tomcat, include the following options in catalina.sh, or in the startup script for your apps if you have one.

-Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts
-Djavax.net.ssl.trustStorePassword=password
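
The fetch-and-trim steps above can be scripted instead of hand-editing /tmp/smtp.cert. The following is an added example, not part of the original post: it keeps only the first certificate block from the s_client output and prints the subject, expiry date and SHA-256 fingerprint so they can be compared with a value obtained over a separate channel before the keytool import. The function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): scripted replacement for the
# manual edit of /tmp/smtp.cert, plus a fingerprint check before trusting it.

# Print only the first PEM certificate block on stdin (the server's own cert).
extract_first_pem() {
  awk '/-----BEGIN CERTIFICATE-----/           { inside = 1 }
       inside                                  { print }
       inside && /-----END CERTIFICATE-----/   { exit }'
}

# Succeed only if the file is exactly one PEM block with a non-empty body,
# i.e. nothing before BEGIN, nothing after END, and no second certificate.
pem_is_complete() {
  [ "$(head -n 1 "$1")" = '-----BEGIN CERTIFICATE-----' ] &&
  [ "$(tail -n 1 "$1")" = '-----END CERTIFICATE-----' ] &&
  [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1")" = 1 ] &&
  [ "$(wc -l < "$1")" -ge 3 ]
}

# Constructed sample of s_client output. The base64 body is a placeholder,
# not a real certificate.
sample_s_client_output() {
  cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = smtp.example.test
---
Server certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
subject=CN = smtp.example.test
---
EOF
}

# Fetch the certificate and show what is about to be trusted.
# usage: fetch_and_show smtp.gmail.com 465 /tmp/smtp.cert
fetch_and_show() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    extract_first_pem > "$3"
  pem_is_complete "$3" || { echo "no certificate captured from $1:$2" >&2; return 1; }
  # Compare this output with a fingerprint obtained separately, then import.
  openssl x509 -in "$3" -noout -subject -enddate -fingerprint -sha256
}
```

After sourcing the script, run `fetch_and_show smtp.gmail.com 465 /tmp/smtp.cert` and continue with the keytool import only once the printed fingerprint matches.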

1 comment:

  1. I honestly spent about 10 hours trying to solve this problem and albeit being very close, I couldn't figure it out. You make it sound easy. Thanks again Jyotir.
