javax.net.ssl.SSLException: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
I'm looking to parse an XML file that updates said file daily - the only issue I've run into is that they use their own certificate (https://...) and I can't use that specific URL, nor is there an http://... link available.
URL url = new URL("https://...");
...
Document document = db.parse(url.openStream());
This code throws the following exception while running my tests:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
I've seen a variety of suggestions dealing with creating various classes to deal with this kind of connection or with a personal server, as well as adding the certificate to a keystore and then adding that keystore to the Java project, but I've been unable to do that and am looking for a slightly simpler way for me to go about accessing the XML online.
Answer
You need a truststore to store SSL certificates. You can download the certificate using your preferred web browser. To load the certificate into the truststore, you need the "keytool" program, which comes with the JDK.
For example, if your certificate file is named "certificate.crt" and you want to create a truststore named "secure.ts", you can invoke keytool as follows:
keytool -importcert -keystore secure.ts -storepass S3cuR3pas$! -file certificate.crt
Now, you must tell your program where the keystore is and the password to open it, defining the system properties "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword" before opening the connection
URL url = new URL("https://...");
System.setProperty("javax.net.ssl.trustStore", "secure.ts");
System.setProperty("javax.net.ssl.trustStorePassword", "S3cuR3pas$!");
...
Document document = db.parse(url.openStream());