Unable to set up JDBC/SSL connection to DB2 for IS 10.7

we are connecting IS (IS_10.7_Core_Fix9, Java 1.8.0_292 (52.0)) to DB2 over ssl/tcp. There are no firwall issue (port is opened in firewall) and we could access DB2 from IS host. Data source=com.ibm.db2.jcc.DB2SimpleDataSource; Other Properties=driverType=4;sslConnection=true;

We created trust store and key store

When we tryto set up

webMethods Adapter for JDBC SSL Connection, getting following error, Any help is appreciated

Error encountered

[ART.118.5011] Adapter Runtime (Connection): Unable to create new connection SVC_EDI_Util_Config.jdbc:EDIssl.

[ADA.1.204] Cannot connect to the database with DataSource class “com.ibm.db2.jcc.DB2SimpleDataSource”.

[jcc][t4][2030][11211][3.69.49] A communication error occurred during operations on the connection’s underlying socket, socket input stream,

or socket output stream. Error location: Reply.fill() - socketInputStream.read (-1). Message: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty. ERRORCODE=-4499, SQLSTATE=08001

What product/components do you use and which version/fix level are you on?

Is your question related to the free trial, or to a production (customer) instance?

What are you trying to achieve? Please describe it in detail.

Do you get any error messages? Please provide a full error message screenshot and log file.

Have you installed all the latest fixes for the products and systems you are using?

The exception message “the trustAnchors parameter must be non-empty” is not intuitive but I believe it is telling you that that it can’t get the root certificate, possibly because there is something wrong with your trust store. See java - Error - trustAnchors parameter must be non-empty - Stack Overflow for some suggestions.

Found the reason for this. This happens when there are no trusted certificates in the given KeyStore.
InvalidAlgorithmParameterException can be thrown only in the PKIXParameters class, which is used for reading certificates from a KeyStore. The constructor of PKIXParameters collects trustAnchors from the KeyStore given as a parameter.

That is to say, the constructor threw the exception as expected. In other words, it’s not possible to create an instance of the PKIXParameters class when there are no trusted certificates in the given KeyStore.

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.