Maven: trustAnchors parameter must be non-empty and 'parent.relativePath' @ InvalidAlgorithmParameterException @ Non-resolvable parent POM

Question

I'm new to Maven and Spring.

The project runs in my local test environment, but not on the deployed system. On deployed system: I got a fresh installed Ubuntu with OpenSDK 10.0.1, Maven 3.5.2 I'm behind a different firewall and have a different keyStore and trustStore.

Maven spits out:

Non-resolvable parent POM for org.[%mything%].app:useraut:0.0.1-SNAPSHOT: Could not transfer artifact org.springframework.boot:spring-boot-starter-parent:pom:1.5.9.RELEASE from/to central (https://repo.maven.apache.org/maven2): java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty and 'parent.relativePath' points at no local POM @ line 14, column 10 -> [Help 2]

pom snipet:

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.9.RELEASE</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>

(no proxy defined)

It seems I can find ideas for the solution: Error - trustAnchors parameter must be non-empty But I have no clue where to begin configuring Spring, Maven or trustStore

Answer 1

According to what I found out there is a weakness in the distribution package on Ubuntu Linux for OpenJDK Java 9 and above. So installing default-jdk may break things.

Citation from: (https://bugs.launchpad.net/ubuntu/+source/openjdk-lts/+bug/1768799) + additional certificate updates.

Note that re-installing default-jdk is optional and openjdk-8 could be continually to be used.

Workaround: remove default-jdk, install openjdk-8, remove openjdk-8 and reinstall default-jdk:

sudo apt purge openjdk-default java-common

sudo apt purge default-jdk java-common

sudo dpkg --purge --force-depends ca-certificates-java

sudo apt install openjdk-8-jre

sudo apt-get install ca-certificates-java

sudo apt purge openjdk-8-jre

sudo apt install default-jdk

After this i also found out that the version of Spring I was using didn't run well on Java 10.0.1 so back to Java 8.x for that purpose.

Answer 2

Basically it is about ca-certificates-java. It is even more frustrating when you obtain the JDK outside linux distro repositories.

Here I got the clue from: http://rabexc.org/posts/certificates-not-working-java

I modified the bash script in the comment

CACERTS="/home/user/cacerts"
cd /etc/ssl/certs
for file in *.pem; do
   echo "Importing $file..."
   openssl x509 -outform der -in "$file" -out /tmp/certificate.der
   keytool -import -alias "$file" -keystore $CACERTS \
           -file /tmp/certificate.der -deststorepass changeit -noprompt
done

Modify the the first line to suit yourself. I run it on debian, for other system you might need to change the second line as well.

Then I copy the "cacerts" file into JDK which lies on $JAVA_HOME/jre/lib/security/cacerts