AIQUM cluster acquisitions failing with trustanchor errors

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 6

Visibility:: Public

Votes:: 0

Category:: active-iq-unified-manager

Specialty:: om

Last Updated:

Applies to

Active IQ Unified Manager (AIQUM) 9.16 and 9.18
OVA and Linux Platform

Issue

AIQUM webUI is available and cluster setup page shows clusters green, but acquisition for clusters is not working.
AIQUM acquisition service cannot connect with trustanchor errors.
au.log shows:
- 2026-03-25 07:53:45,281 INFO [main] c.o.s.a.f.m.CommunicationManager (CommunicationManager.java:420) - Could not communicate with the server; will retry in 10000ms
  
  2026-03-25 07:53:55,281 INFO [main] c.o.s.a.f.m.CommunicationManager (CommunicationManager.java:441) - Attempting to verify server at: https://localhost:443
  
  2026-03-25 07:53:55,286 WARN [main] c.o.s.a.f.m.CommunicationManager (CommunicationManager.java:454) - server unreachable for https://localhost:443 java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
  
  at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) ~[?:?]
  
  at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120) ~[?:?]
  
  at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104) ~[?:?]
  
  at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:99) ~[?:?]
  
  at sun.security.validator.Validator.getInstance(Validator.java:181) ~[?:?]
  
  at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:300) ~[?:?]
  
  at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:176) ~[?:?]
  
  at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:189) ~[?:?]
  
  at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[?:?]
  
  at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341) ~[?:?]
  
  at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?]
  
  at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?]
  
  at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) ~[?:?]
  
  at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443) ~[?:?]
  
  at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421) ~[?:?]
  
  at sun.security.ssl.TransportContext.dispatch(TransportContext.java:189) ~[?:?]
  
  at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[?:?]
  
  at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1511) ~[?:?]
  
  at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421) ~[?:?]
  
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456) ~[?:?]
  
  ... 13 more
  
  Wrapped by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
  
  at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:102) ~[?:?]
root@aiqum: file /opt/netapp/essentials/jboss/server/onaro/cert/server.truststore
- - output shows "data" or something else instead of "Java Keystore"