Correcting error "The trustAnchors parameter must be non-empty"
Article ID: 208558
Updated On:
Products
Issue/Introduction
For using the RemoteCLI tool on the "Credential Manager" side the below procedure must be followed
However, sometimes this results in the following error:
C:\Users\...\remoteCLI-3.4.2>capam_command capam=capamtest adminUserID=super cmdName=getErrorCodes
Enter password:
CommandLineInterface.execute error in GET:Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Environment
CA PAM 3.4.2
Cause
This may happen if there are multiple Java versions in the Server and the wrong one is used when launching the command. This may happen, for instance if the keytool command, as specified in the installation guide, has been issued for a java version different from the one that is eventually used when launching the CLI commands.
Resolution
1. Be careful about running the keytool command from the %JAVA_HOME% location in case of multiple java versions running on the server.
In my case, Java Home is 'C:\Program Files\AdoptOpenJDK\jdk-8.0.282.8-hotspot\'
2. Run the below command from the %CAPAM_CLI% location (CAPAM_CLI is the environment variable pointing to the CLI installation folder).
$JAVA_HOME/bin/keytool -import -trustcacerts -file capam.crt -alias capamerver -keystore capam.keystore
3. Verify the keystore from the same location:
keytool -list -v –keystore capam.keystore
4. The below command may be used to see the command errorcodes,
capam_command capam=forwardinc.com adminUserID=super cmdName=getErrorCodes
Additional Information
If the PAM Client is on the same host, it is best practice to use the keytool.exe from our installation directory.
Example:
"C:\Users\<userid>\CA PAM Client\runtime-1.8.0_282\bin\keytool.exe" -import -trustcacerts -file pamcertnew.crt -alias capamserver -keystore capam.keystore
Feedback
