Getting "Unable to build a CertPath: no PKIXBuilderParameters available" error

[jnaithani]

bc-java/tls/src/main/java/org/bouncycastle/jsse/provider/ProvX509TrustManager.java

Line 270 in 1349bb0

throw new CertificateException("Unable to build a CertPath: no PKIXBuilderParameters available");

A JDK configured with the current bc-fips and bctls-fips libraries that is calling the AWS S3 service keeps failing with the following error

Caused by: java.security.cert.CertificateException: Unable to build a CertPath: no PKIXBuilderParameters available
at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkTrusted(ProvX509TrustManager.java:270)
at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkServerTrusted(ProvX509TrustManager.java:182)
at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.checkServerTrusted(ProvSSLSocketWrap.java:127)
... 47 more

getKeyFromAWSS3 failed: Unable to execute HTTP request: certificate_unknown(46)

However, the JDK configured with the SUN TLS provider in FIPS mode does not have the same issue.

What could be the reason the pkixTemplate is null, and that then results in the exception being thrown?

[peterdettman]

You haven't supplied any trust anchors (trustedCerts is empty), so all trust checks will fail. Review the way you have configured the trust manager (or perhaps the trust store). There may be a WARNING level log entry (Java Logging API) in relation to loading the default trust store.

[jnaithani]

Thank you - I checked and realized that I had specified an incorrect path location for the truststore file. The issue was resolved after correcting the path.