Facing a SOAP error whenever we XOG via a gel script in Clarity. This problem may also be intermittent. The error is:
Failed to send a SOAP message generated to 'https://example.com/niku/xog'.java.lang.RuntimeException:
Unexpected error: java.security.InvalidAlgorithmParameterException:
the trustAnchors parameter must be non-empty at com.niku.union.gel.tags.soap.InvokeTag.doTag(InvokeTag.java:76)
Error in the Clarity bg-ca.log is:
WARN 2018-09-11 02:36:04,907 [Custom script execution pool-7-thread-1] utils.Utils (clarity:admin:%SESSIONID%:none) ----> The exception trace is too big to be attached to the process error message.
Only a truncated exception trace will be attaced to the process error message. Here is the complete exception trace: org.apache.commons.jelly.JellyTagException: null:56:57:
<soap:invoke> Failed to send a SOAP message generated to 'https://example.com/niku/xog'.java.lang.RuntimeException:
Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Any Clarity environment using SSL and SOAP/XOG via a gel script.
Clarity cannot find needed information from the Java TrustStore (usually the CACerts file for Java)
1. Make sure that the jre folder being pointed to is in the same Java install specified in the CSA/Properties.xml file and that the trustStorePassword is the correct one for your cacerts file.
2. To test the file and location directly in JVM for troubleshooting purposes, add the following jvm parameters to both the app and bg services.
-Djavax.net.ssl.trustStore=/apps/niku/jdk1.8.0_40/jre/lib/security/cacerts
-Djavax.net.ssl.trustStorePassword=changeit
-Djavax.net.ssl.trustAnchors=/apps/niku/jdk1.8.0_40/jre/lib/security/cacerts
EXAMPLES:
for Linux/Unix: /apps/niku/jdk1.8.0_40/jre/lib/security/cacerts
for Windows: C:\\niku\jdk1.8.0_40\jre\lib\security\cacerts
3. If the test doesn't work, then use KB XOG with HTTPS fails with error: "PKIX path building failed, unable to find valid certification path to requested target." to recreate the certificate correctly
4. If the test works, then java folder and location isn't being correctly set up and needs correction. We recommend setting this up correctly and removing the JVM parameters and restarting once done