trustAnchors parameter must be non-empty

sarlacpit · May 14, 2018, 2:36pm

Hi folks,

Using Ubuntu 18:04 LTS and the Elasticstack v6.1.3 and I seem to be running in to an error starting logstash:

/usr/share/logstash/bin/logstash --debug --path.settings /etc/logstash
OpenSSL::X509::StoreError: setting default path failed: the trustAnchors parameter must be non-empty
  set_default_paths at org/jruby/ext/openssl/X509Store.java:186
             <main> at /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/jopenssl/load.rb:26
            require at org/jruby/RubyKernel.java:955
             <main> at /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/openssl.rb:1
            require at org/jruby/RubyKernel.java:955
             <main> at /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/openssl.rb:1
            require at org/jruby/RubyKernel.java:955
             <main> at /usr/share/logstash/logstash-core/lib/logstash/patches/stronger_openssl_defaults.rb:1
            require at org/jruby/RubyKernel.java:955
             <main> at /usr/share/logstash/logstash-core/lib/logstash/patches/stronger_openssl_defaults.rb:2
            require at org/jruby/RubyKernel.java:955
             <main> at /usr/share/logstash/logstash-core/lib/logstash/patches.rb:1
            require at org/jruby/RubyKernel.java:955
             <main> at /usr/share/logstash/lib/bootstrap/environment.rb:66

Java details:

java -version
openjdk version "1.8.0_171"
OpenJDK Runtime Environment (build 1.8.0_171-8u171-b11-0ubuntu0.18.04.1-b11)
OpenJDK 64-Bit Server VM (build 25.171-b11, mixed mode)

Can anyone offer any help please?

Thanks

Adam

sarlacpit · May 14, 2018, 7:56pm

I may have fixed this by removing openjdk (which appeared to have not installed correctly) will confirm.

Raptorbob · May 14, 2018, 11:34pm

I'm encountering the same issue on my 18.04 install since default-jre installs an incompatible version of java. Even with openjdk-8-jre, I get this error. Looking forward to see if you have a resolution.

sarlacpit · May 15, 2018, 10:49am

Hi Raptorbob,

Here is an output of my history, but doing this fixed it... Hopefully it'll work for you. I'd back up /usr/lib/jvm/* before removing it though...

  208  dpkg --list | grep ii | grep java
  209  dpkg --list | grep ii | grep jdk   # Get a list of install jdk packages
  210  dpkg --purge openjdk-11-jre-headless ca-certificates-java java-common libatk-wrapper-java libatk-wrapper-java-jni
  211  rm -rf /usr/lib/jvm/*
  212  dpkg --list | grep ii | grep java
  214  apt autoremove
  215  apt autoclean
  216  apt purge
  217  sudo reboot
  218 apt install openjdk-8-jdk

I hope this helps

pushock · May 31, 2018, 7:29am

I have fixed this issue by removing java certificates and updating them:

sudo rm /etc/ssl/certs/java/cacerts 
sudo update-ca-certificates -f

system · June 28, 2018, 7:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.