the trustAnchors parameter must be non-empty for

Andrew John Hughes ahughes at
Wed Mar 17 08:38:55 PDT 2010

On 23 November 2009 04:57, Michael Franz <mvfranz at> wrote:
> Hi,
> I did a new fclone of the bsd repo today.  When running the build I get the
> following error:
> java.lang.RuntimeException: Unexpected error:
> the trustAnchors parameter
> must be non-empty

This is because the cacerts keystore doesn't have any certificates in
it.  All local OpenJDK builds will be like this.

You need to do something like:

    for c in /usr/share/ca-certificates/*/*.crt; do
        openssl x509 -text -in "${c}" >> all.crt || die
    ./ keytool all.crt || die is available from
keytool should point to the keytool binary from the JDK you are using to build.

> I tried to download the zip file using wget and get the following error:
> --2009-11-22 23:53:14--
> Resolving
> Connecting to||:443... connected.
> ERROR: cannot verify's certificate, issued by
> `/C=US/O=Equifax/OU=Equifax Secure Certificate Authority':
>   Unable to locally verify the issuer's authority.
> To connect to insecurely, use `--no-check-certificate'.
> Unable to establish SSL connection.
> Is anyone else having problems downloading?
> Michael

Andrew :-)

Free Java Software Engineer
Red Hat, Inc. (

Support Free Java!
Contribute to GNU Classpath and the OpenJDK

PGP Key: 94EFD9D8 (
Fingerprint: F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8

More information about the bsd-port-dev mailing list