1 Reply Latest reply on Mar 11, 2005 4:19 PM by Adrian Brock

    jms over https: trustAnchors parameter must be non-empty

    Dieter Cailliau Newbie

      Question: how can i start a java jms over https client program inside a .war?

      My stategy: put the code inside a servlet, and put the jvm parameters used for starting the client, to the jboss JAVA_OPTS.

      More in detail:

      I implemented a java client program, that connects to a jms over https. The client program uses the chap8.keystore (using -Djavax.net.ssl.trustStore=...), and the server uses it as well (in the jbossweb-tomcat50.sar\server.xml). This all works fine.

      Now, i try to do the same, but i put my client code in a servlet, in a .war folder inside the deploy folder.

      What i try to achieve here, is that this client code automatically runs when jboss boots.

      When the servlet tries to connect to the jndi, by doing new InitialContext(), using the properties (just like the java client did):

      java.naming.factory.initial org.jboss.naming.HttpNamingContextFactory
      java.naming.provider.url https://localhost:443/invoker/JNDIFactorySSL
      java.naming.factory.url.pkgs org.jboss.naming:org.jnp.interfaces;java.protocol.handler.pkgs

      i get this problem:

      javax.naming.NamingException: Failed to retrieve Naming interface [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      I guess this is, because i started my client program with -Djavax.net.ssl.trustStore=..., which has now disappeared, since i run the client code inside a servlet in jboss.

      When i start jboss with a -Djavax.net.ssl.trustStore=conf/chap8.keystore parameter, i get

      javax.naming.NamingException: Failed to retrieve Naming interface [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]

      It makes no different wheter i invoke this servlet over https of http.