How to fix OpenJDK-7 certificates on Ubuntu 11.10 running on Amazon EC2

After a second crash of my EC2 instance which was running Amazon‘s own Linux distribution I had to rebuild so this time I decided to put the latest official Ubuntu AMI on it. Everything ran fine until I fired up an application which takes a feed from Twitter using their stream api.

When I fired that up I got the following stack trace:

17 Feb 2012 21:13:00,790 ERROR [Twitter Stream consumer-1[Waiting for 500 milliseconds]] [in.setra.twitter.TwitterModule] Exception during processing
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-emptyRelevant discussions can be on the Internet at:
 http://www.google.co.jp/search?q=b5e7486f or
 http://www.google.co.jp/search?q=24943238
TwitterException{exceptionCode=[b5e7486f-24943238 b5e7486f-2494320e b5e7486f-2494320e b5e7486f-2494320e], statusCode=-1, retryAfter=-1, rateLimitStatus=null, featureSpecificRateLimitStatus=null, version=2.2.5-SNAPSHOT}
 at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:200)
 at twitter4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:65)
 at twitter4j.internal.http.HttpClientWrapper.post(HttpClientWrapper.java:102)
 at twitter4j.TwitterStreamImpl.getFilterStream(TwitterStreamImpl.java:290)
 at twitter4j.TwitterStreamImpl$7.getStream(TwitterStreamImpl.java:279)
 at twitter4j.TwitterStreamImpl$7.getStream(TwitterStreamImpl.java:277)
 at twitter4j.TwitterStreamImpl$TwitterStreamConsumer.run(TwitterStreamImpl.java:427)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1697)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1660)
 at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1643)
:
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
 at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
 at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
 at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:73)
 ... 23 more

After a brief search I found that for some reason when you install OpenJDK-7-jre-headless you don’t get the certificates installed & most people just switched back to the Sun/Oracle jre.

Now this worked for me – the install was a virgin setup so I hadn’t installed the sun JDK before but I found the Java 6 cacerts installed, so the following two lines fixed the problem:

cd /usr/lib/jvm/java-6-openjdk/jre/lib/security
sudo ln -s /usr/lib/jvm/java-7-openjdk-i386/jre/lib/security/cacerts cacerts

This may work elsewhere, it may not – in this instance it worked & I’m now getting a realtime stream in from Twitter.

Author: petermount1

Prolific Open Source developer who also works in the online gaming industry during the day. Develops in Java, Go, Python & any other language as necessary. Still develops on retro machines like BBC Micro & Amiga A1200

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: