November 19, 2016

Import Certificate to IntelliJ IDEA to Runtime


In order to import a certificate to run-time in IntelliJ IDEA do the following steps.

1. Go to Run > Edit Configuration


2. In VM options provide the trustStore as below : 
-Djavax.net.ssl.trustStore=C:\Source\vds\vdsstore.jks -Djavax.net.ssl.trustStorePassword=vdsstore


In order to import the certificate to a trust store do the following : 

keytool -import -alias vdsfmr -file Cert.cer -keystore wso2carbon.jks
VMArgument  -Djavax.net.ssl.trustStore=vdsStore -Djavax.net.ssl.trustStorePassword=vdsStore

Reference : https://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html 

TroubleShooting

Unable to Find Cert :

Ceritificate is not available during runtime. To resolve add the VM Arguments pointing to Trust Store as above.

javax.naming.CommunicationException: simple bind failed: localhost:389 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at LDAPAuthenticator.main(LDAPAuthenticator.java:23)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:889)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
at com.sun.jndi.ldap.Connection.run(Connection.java:855)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 18 more


When the Trust Store is Not Provided as an Absolute Path : 
Reference : http://stackoverflow.com/questions/4764611/java-security-invalidalgorithmparameterexception-the-trustanchors-parameter-mus

I was able to solve this error by providing the absolute path to the trust store instead of the relative path.

javax.naming.CommunicationException: simple bind failed: localhost:389 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
 at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
 at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
 at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
 at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
 at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
 at javax.naming.InitialContext.init(InitialContext.java:242)
 at javax.naming.InitialContext.<init>(InitialContext.java:216)
 at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
 at VDSAuth.main(VDSAuth.java:31)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:606)
 at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1862)
 at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1845)
 at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1771)
 at sun.security.ssl.AppInputStream.read(AppInputStream.java:113)
 at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
 at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
 at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
 at com.sun.jndi.ldap.Connection.run(Connection.java:855)
 at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90)
 at sun.security.validator.Validator.getInstance(Validator.java:179)
 at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:314)
 at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:173)
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:186)
 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
 at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:889)
 at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
 ... 5 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
 at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
 at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
 at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
 ... 18 more

No comments:

Post a Comment