S A
Home » DevOps » Jenkins Error: trustAnchors parameter must be non-empty

Jenkins Error: trustAnchors parameter must be non-empty

Updated: February 3, 2024 By: Guest Contributor Post a comment
Table Of Contents
1 The Problem
1.1 Common Reasons
2 Solution 1: Updating TrustStore Configuration
3 Solution 2: Ensuring the SSL Certificate is Trusted
4 Solution 3: Updating Java Version
5 Conclusion

The Problem

Jenkins is a powerful automation server used for continuous integration and delivery. However, when integrating Jenkins with other services, especially over SSL, users might encounter the trustAnchors parameter must be non-empty error. This error typically occurs due to issues with the Java Keystore (JKS) configuration or when Jenkins attempts to establish a secure connection but fails to trust the SSL certificate.

Common Reasons

  • Inadequate or missing trustStore configurations.
  • Expired or untrusted SSL certificates.
  • Jenkins or Java version compatibility issues.

Solution 1: Updating TrustStore Configuration

Ensuring Jenkins has the correct trustStore settings, which includes specifying the trustStore file location and its password. This action tells Jenkins where to look for trusted certificates.

  1. Navigate to the Jenkins configuration file, often located at JENKINS_HOME/jenkins.xml or in system properties.
  2. Add JVM arguments for the trustStore and trustStorePassword, like so: -Djavax.net.ssl.trustStore=/path/to/your/truststore -Djavax.net.ssl.trustStorePassword=yourpassword.
  3. Restart Jenkins for the changes to take effect.

Notes: This solution is straightforward but requires access to the server’s file system. It is only applicable if the trustStore or its password were incorrectly configured or not set at all.

Solution 2: Ensuring the SSL Certificate is Trusted

Adding the SSL certificate of the service you are integrating with Jenkins to the Jenkins server’s trustStore, making it a trusted certificate.

  1. Obtain the SSL certificate from the service you want to connect with. This can often be done by visiting the service URL in a browser and exporting the certificate.
  2. Import the certificate into the server’s trustStore using the keytool command: keytool -import -alias yourAlias -file /path/to/certificate -keystore /path/to/your/truststore.
  3. Enter the trustStore password when prompted and confirm the certificate import.
  4. Restart Jenkins to apply the changes.

Notes: Requires knowledge of keytool command-line tool. This method ensures that SSL communications are secured and trusted on a case-by-case basis.

Solution 3: Updating Java Version

Sometimes, the error results from compatibility issues between Jenkins, the Java runtime, and the certificates’ cryptographic standards. Updating Java to the latest version can resolve these issues.

  1. Check the current Java version on your Jenkins server using java -version.
  2. Download and install the latest Java version from the official website.
  3. Update the JAVA_HOME environment variable to point to the new Java installation if necessary.
  4. Restart Jenkins to ensure it uses the updated Java runtime.

Notes: Ensure that the latest Java version is compatible with your Jenkins server. This solution might also involve updating Jenkins or other dependencies to maintain compatibility.

Conclusion

The trustAnchors parameter must be non-empty error can be daunting, but it often points to misconfigurations or compatibility issues that can be resolved with careful attention to the Java and Jenkins configurations. Try each suggested solution in turn, verifying your system’s configuration at each step, until the issue is resolved.

Search tutorials, examples, and resources