Failed to retrieve session credentials due to InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Problem
Your builds fail due to Tasks for AWS encountering an InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
, for example:
Build log
04-Mar-2016 10:51:11 Starting task 'Upload Artifacts' of type 'net.utoolity.atlassian.bamboo.tasks-for-aws:aws.s3.object'
04-Mar-2016 10:51:11 Setting maxErrorRetry=7 and awaitTransitionInterval=15000
04-Mar-2016 10:51:11 Using session credentials provided by Identity Federation for AWS Add-on (Connector Selection).
04-Mar-2016 10:51:11 Failed to retrieve session credentials due to Identity Federation for AWS error: com.amazonaws.AmazonClientException: Unable to execute HTTP request: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
04-Mar-2016 10:51:11 Finished task 'Upload Artifacts' with result: Error
Cause
This exception stems from the Java Virtual Machine trying to execute a HTTP request via SSL, but having trouble to access the local certificate authority trust store on the host system. There seem to be many potential root causes, here are a couple of pointers:
Jira Knowledge Base
The JVM cannot find the javax.net.ssl.trustStore required for SSL, or it does not contain the required certificates.
Stack Overflow
This bizarre message means that the truststore you specified was not found, or couldn't be opened due to access permissions for example. [...]
Solution
The JVM access to local certificate authority trust store on the host system needs to be restored.
There seem to be different solutions depending on the root cause and JVM involved - for example, this is a fairly simple solution, which seems to fix the problem for many users:
Restore JVM access to local certificate authority trust store on the host system
Ubuntu
Shell script
sudo update-ca-certificates -f
Amazon Linux
Shell script
sudo update-ca-trust check sudo update-ca-trust enable sudo update-ca-trust check
Shell output
Restart Bamboo
Related articles
Amazon Web Services™, AWS™ and the “Powered by Amazon Web Services” logo are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Utoolity® is a registered trademark of Utoolity GmbH.
© 2024 Utoolity GmbH. All rights reserved.