SpringBoot With SpringBoot3 adoption ,web server failed to start with error: "Could not load store: Unable to create trust store: Location must not be empty or null"

Hi all,

I have migrated my code from spring boot 2.7.x to 3.1.x

After migration the web server failed to start with following error:

 :: Spring Boot ::                (v3.1.0)
{"timestamp":"2023-10-25 08:01:30.291","level":"ERROR","logger":"org.springframework.boot.SpringApplication","message":"Application run failed","exception":"
org.springframework.context.ApplicationContextException: Unable to start web server
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:164)at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:602)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:733)
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:435)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:311)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1305)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1294)
    at com.amdocs.xps.AsmServicesServer.main(AsmServicesServer.java:47)
Caused by: java.lang.IllegalStateException: Could not load store: Unable to create trust store: Location must not be empty or null
    at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.configureSslStoreProvider(SslConnectorCustomizer.java:124)
    at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.configureSsl(SslConnectorCustomizer.java:93)
    at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.customize(SslConnectorCustomizer.java:59)
    at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeSsl(TomcatServletWebServerFactory.java:367)
    at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.customizeConnector(TomcatServletWebServerFactory.java:344)
    at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getWebServer(TomcatServletWebServerFactory.java:203)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.createWebServer(ServletWebServerApplicationContext.java:183)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:161)
    ... 8 common frames omitted
Caused by: java.lang.IllegalStateException: Unable to create trust store: Location must not be empty or null
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:89)
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.getTrustStore(JksSslStoreBundle.java:68)
    at org.springframework.boot.web.embedded.tomcat.SslConnectorCustomizer.configureSslStoreProvider(SslConnectorCustomizer.java:119)
    ... 15 common frames omitted
Caused by: java.lang.IllegalStateException: Location must not be empty or null
    at org.springframework.util.Assert.state(Assert.java:97)
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:110)
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:84)
    ... 17 common frames omitted

"}

What can be the issue, do we need to set something explicitly after migration?

Comment From: wilkinsona

It looks like your trust store is misconfigured but we cannot tell why as you have not told us how you have configured it.

If you would like us to spend some more time investigating, please spend some time providing a complete yet minimal sample that reproduces the problem. You can share it with us by pushing it to a separate repository on GitHub or by zipping it up and attaching it to this issue.

Comment From: karishma1010jain

Setting using below property. javax.net.ssl.trustStore = /run/secrets/keystores/truststore/pki-common-truststore.jks The file "pki-common-truststore.jks" is also available at the same path inside container. what else can be checked?

Comment From: wilkinsona

Please provide a complete sample that reproduces the problem. Starting an app with -Djavax.net.ssl.trustStore=/run/secrets/keystores/truststore/pki-common-truststore.jks does not do so for me. Perhaps you have some other SSL-related configuration in application.properties or application.yaml?

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.