Failed to retrieve session credentials due to InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Owned by Steffen Opel [Utoolity]
Last updated: 15.11.2021 by Jana Lehmann [Utoolity]
2 min read

Problem

Your builds fail due to Tasks for AWS encountering an InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty, for example:

Build log
04-Mar-2016 10:51:11 Starting task 'Upload Artifacts' of type 'net.utoolity.atlassian.bamboo.tasks-for-aws:aws.s3.object' 04-Mar-2016 10:51:11 Setting maxErrorRetry=7 and awaitTransitionInterval=15000 04-Mar-2016 10:51:11 Using session credentials provided by Identity Federation for AWS Add-on (Connector Selection). 04-Mar-2016 10:51:11 Failed to retrieve session credentials due to Identity Federation for AWS error: com.amazonaws.AmazonClientException: Unable to execute HTTP request: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 04-Mar-2016 10:51:11 Finished task 'Upload Artifacts' with result: Error

Cause

This exception stems from the Java Virtual Machine trying to execute a HTTP request via SSL, but having trouble to access the local certificate authority trust store on the host system. There seem to be many potential root causes, here are a couple of pointers:

Jira Knowledge Base

The JVM cannot find the javax.net.ssl.trustStore required for SSL, or it does not contain the required certificates.

Stack Overflow

This bizarre message means that the truststore you specified was not found, or couldn't be opened due to access permissions for example. [...]

Solution

The JVM access to local certificate authority trust store on the host system needs to be restored.

There seem to be different solutions depending on the root cause and JVM involved - for example, this is a fairly simple solution, which seems to fix the problem for many users:

  1. Restore JVM access to local certificate authority trust store on the host system

    • Ubuntu

      Shell script

      sudo update-ca-certificates -f

    • Amazon Linux

      Shell script

      sudo update-ca-trust check sudo update-ca-trust enable sudo update-ca-trust check

      Shell output

  2. Restart Bamboo



Atlassian®, Atlassian Bamboo®, Bitbucket®, Atlassian Crowd®, Confluence®, Jira®, Jira Service Management™, Opsgenie®, and Statuspage™ are registered trademarks of Atlassian.
Amazon Web Services™, AWS™ and the “Powered by Amazon Web Services” logo are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.

Utoolity® is a registered trademark of Utoolity GmbH.
© 2024 Utoolity GmbH. All rights reserved.