Hi,

When I try to authenticate using the new certificate generated from Zimbra Ldap, I get the below error. I have created cacerts.jks using keytool making use of the certificate. Please help me in resolving this problem.

Below is the code snippet:

DirContext ctx = new InitialDirContext(env);
System.setProperty("javax.net.ssl.trustStore", "cacerts.jks");
System.setProperty("javax.net.ssl.trustStorePasswo rd", "changeit");

SoapProvisioning sp = new SoapProvisioning();
sp.soapSetURI(SERVER_URL
+ ZimbraServlet.ADMIN_SERVICE_URI);
sp.soapAdminAuthenticate("zimbra@test.zmb.com","zi mbra123");

Account account = sp.get(AccountBy.name, userName);
String password = account.getAttr("userPassword");
sp.changePassword(account, password, newPassword);

Following is the exception:

com.zimbra.cs.zclient.ZClientException: invoke java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty, server: test.com
ExceptionId:http-8080-1:1227974132812:fa6c28d619529703
Code:zclient.IO_ERROR
at com.zimbra.cs.zclient.ZClientException.IO_ERROR(ZC lientException.java:47)
at com.zimbra.cs.account.soap.SoapProvisioning.invoke (SoapProvisioning.java:194)
at com.zimbra.cs.account.soap.SoapProvisioning.soapAd minAuthenticate(SoapProvisioning.java:143)
at com.ldap.LdapUtil.testChangePassword(LdapUtil.java :48)
at com.authenticate.AuthServlet.doPost(AuthServlet.ja va:80)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:717)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(H ttp11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11Conn ectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run( JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(U nknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(U nknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleE xception(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleE xception(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write (Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at java.io.FilterOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.methods.StringReques tEntity.writeRequest(StringRequestEntity.java:150)
at org.apache.commons.httpclient.methods.EntityEnclos ingMethod.writeRequestBody(EntityEnclosingMethod.j ava:495)
at org.apache.commons.httpclient.HttpMethodBase.write Request(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.execu te(HttpMethodBase.java:993)
at org.apache.commons.httpclient.HttpMethodDirector.e xecuteWithRetry(HttpMethodDirector.java:397)
at org.apache.commons.httpclient.HttpMethodDirector.e xecuteMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMe thod(HttpClient.java:396)
at org.apache.commons.httpclient.HttpClient.executeMe thod(HttpClient.java:324)
at com.zimbra.common.soap.SoapHttpTransport.invoke(So apHttpTransport.java:242)
at com.zimbra.common.soap.SoapHttpTransport.invoke(So apHttpTransport.java:216)
at com.zimbra.common.soap.SoapTransport.invoke(SoapTr ansport.java:315)
at com.zimbra.common.soap.SoapTransport.invoke(SoapTr ansport.java:279)
at com.zimbra.cs.account.soap.SoapProvisioning.invoke (SoapProvisioning.java:190)
... 17 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(Unknow n Source)
at sun.security.validator.Validator.getInstance(Unkno wn Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl. getValidator(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl. checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl. checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.proc essMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoo p(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_re cord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRe cord(Unknown Source)
... 34 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors( Unknown Source)
at java.security.cert.PKIXParameters.<init>(Unknown Source)
at java.security.cert.PKIXBuilderParameters.<init>(Un known Source)
... 46 more


Thanks,
Seshu.