Skip to main content
Skip table of contents

Unable to connect to URL

Problem

When adding a Content Server URL to the Content Source, you receive “Unable to connect to URL”, when it is an HTTPS connection, using a keystore/truststore.

In the tomcat-stdout file, you will see:

CODE 
ERROR com.shinydocs.modules.contentserver.operations.ContentServerBaseOperations - Error connecting to server. Reason : Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

In the shinydrive-verbose log, you may also see:

CODE 
ERROR com.shinydocs.modules.contentserver.operations.ContentServerBaseOperations - Error connecting to server. Reason : Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Those are pointing to issues with the certificate store, or configuration within Tomcat/Java, to the keystore being used, invalid certs in the keystore file, or invalid user/password being used.

Solution

Receiving "the trustAnchors parameter must be non-empty" when adding HTTPS SSO to Shinydrive.

Step-by-step:

  1. Ensure the login/password is valid in the tomcat server.xml file

  2. Ensure the location of the current keystore is noted in the Tomcat file

  3. Ensure that the truststore is also being pointed to (in most cases, the same keystore is also the truststore)

There are two ways to complete this. One way is modifying the server.xml, and the other is adjusting the java options in Tomcat.

  1. Modify the Tomcat java options:

To run Shinydrive server on HTTPS, use the PFX file created by the team maintaining the certs on the company side. Add these two lines in the Java Options in Tomcat:

Edit the Tomcat server.xml (found in the Tomcat 8.5\bin\ folder, after creating a backup file first):

All of the steps above make it so that clients can connect to the Shinydrive server via HTTPS.

In order for Shinydrive Server to then connect to OTCS over HTTPS, I created a copy of cacerts and then imported our internal Certificate Authority (for us it’s a root cert and an issuing cert and allows Shinydrive to trust the certs from OTCS or any other internal server with certs issued by our Certificate Authority) with these commands:

Change the password of the new cacertsCORP file:

Then on the Java Options I added these two lines:

The Java Options section ends up looking like this:

2. Modify the Tomcat server.xml to add the truststore line instead:

Edit the Tomcat server.xml (found in the Tomcat 8.5\bin\ folder, after creating a backup file first):

CODE 
<Connector port="8443" maxThreads="500"
           server="Apache"
           scheme="https" secure="true" SSLEnabled="true" acceptCount="500"
           keystoreFile="/apps/content/certificates/keystore.ks" keystorePass="keystorepass"
           truststoreFile="/apps/content/certificates/truststore.ks" truststorePass="truststorePassword"/>

The above may appear different for the customer side (may have more included above the keystoreFile line). What would need to be added is the truststoreFile line, as that will then ensure both of the keystore and truststore point to the same file (so that it is the only one needing to be updated in any future certificate updates).

For reference for further Tomcat configuration, please see these other articles:

Shinydrive & SSL

Apache Tomcat 8 (8.5.88) - SSL/TLS Configuration How-To

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close