This issue will only occur in cases where you are trying to connect to an application that is running behind a reverse proxy or a Load balancer that has SSL enabled or if the application itself has SSL enabled.
This issue will only occur in cases where you are trying to connect to an application that is running behind a reverse proxy or a Load balancer that has SSL enabled or if the application itself has SSL enabled. Usually this error happens in cases where you are trying to connect Artifactory to a remote endpoint using the HTTPS protocol.
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
You can run the following command to see f the SSL certs used by Xray or any other remote endpoint are self signed or a certificate signed by a know Certificate Authority. If you notice that the certs are self signed, then you have to follow this article to import the self signed certs to the java trusted keystore:
openssl s_client -showcerts -connect myxray.com:443
If you notice that the SSL cert is signed by a known Certificate Authority like GoDaddy, Digicert, Symantec, Globalsign etc. But still you are seeing the error "Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty", then it could be that your Artifactory is configured to point to an invalid truststore.
You can check this by looking for the following java option "-Djavax.net.ssl.trustStore=/home/path/to/cacerts"
in the "default" file under $ARTIFACTORY_HOME/etc/ folder for a service installation of Artifactory. If this option is set in the "default" file, then it means that Artifactory will not rely on the default java truststore under $JAVA_HOME/lib/security/cacerts and will use the "cacerts" location given in the java option. If the "cacerts" file provided in the java option is invalid, then this would cause the error when connecting to a HTTPS endpoint.
If your Artifactory is a standalone zip installation, then the java options are specified in "artifactory.default" file under $ARTIFACTORY_HOME/bin/ folder. Please check this file and see if the java option is set to point to a custom "cacerts" location. Here is a link that shows where are the java options set for Artifactory based on the installation type:
If this is the case, then please remove the java option from the config file or point it to the right location where you have a valid "cacerts" file and restart Artifactory. Removing this java option -Djavax.net.ssl.trustStore will force Artifactory to pick the default java truststore under $JAVA_HOME/lib/security/cacerts.