Server has some SSL issue that doesn't let anyone connect to it

Discussion in 'Spigot Help' started by MineralMC, Jul 12, 2018.

  1. Try it yourself @ this IP: havocanarchy.me

    javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:214) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1974) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1926) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1909) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1436) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:?]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567) ~[?:?]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[?:?]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581) ~[?:?]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509) ~[?:?]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:245) ~[?:?]
    at de.dustplanet.util.Updater.read(Updater.java:675) [SilkSpawners.jar:?]
    at de.dustplanet.util.Updater.runUpdater(Updater.java:769) [SilkSpawners.jar:?]
    at de.dustplanet.util.Updater.access$100(Updater.java:46) [SilkSpawners.jar:?]
    at de.dustplanet.util.Updater$UpdateRunnable.run(Updater.java:764) [SilkSpawners.jar:?]
    at java.lang.Thread.run(Thread.java:844) [?:?]
    Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:89) ~[?:?]
    at sun.security.validator.Validator.getInstance(Validator.java:181) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:330) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:180) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:192) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133) ~[?:?]
    at sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1947) ~[?:?]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1777) ~[?:?]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:264) ~[?:?]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1098) ~[?:?]
    at sun.security.ssl.Handshaker.processRecord(Handshaker.java:1026) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1429) ~[?:?]
    ... 11 more
    Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) ~[?:?]
    at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120) ~[?:?]
    at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104) ~[?:?]
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:86) ~[?:?]
    at sun.security.validator.Validator.getInstance(Validator.java:181) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:330) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:180) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:192) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133) ~[?:?]
    at sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1947) ~[?:?]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1777) ~[?:?]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:264) ~[?:?]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1098) ~[?:?]
    at sun.security.ssl.Handshaker.processRecord(Handshaker.java:1026) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1429) ~[?:?]
    ... 11 more
     
  2. show me full server log
     
  3. Try adding
    Code (Java):
     -Djavax.net.ssl.trustStore=<keystore-file>

    # By default it's stored here:
    -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts
    to your server start script
     
  4. Needs more info -
    OS (and if Linux, what distro and version)?
    Java version (and if Linux, Oracle or OpenJDK?)?

    The way I'm reading it, it looks like the default trusted CA collection is missing or not found, which is what hyWse was alluding to as well. If that's the case, something isn't installed right (possibly your distro's CA package) but we'd the above info to help with that.
     
  5. md_5

    Administrator Developer

    Google has lots of answers to this.
    Did you try googling
     
  6. Why do you contact us instead the SilkSpawner dev?

    If that issue is with all Java applications follow what md_5 said, as it's easy to fix.
     

Share This Page