java.security.NoSuchAlgorithmException: Error constructing implementation

When attempting to perform an operation that relies on SSL/TLS, you may see errors like the following:

java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

This is generally due to the system not being able to locate a valid certificate for the application server. There are a few areas of the system to check when troubleshooting this particular issue:

Cascade CMS 8.21 and newer

To locate the keystore settings for the application:

  • Go to System Preferences.
  • In the System tab, scroll down to the SSL/TLS Key Store section.
  • Verify that:
    • The Key Store Path points to a valid key store on the application server.
    • The key store referenced in the Key Store Path field contains the proper SSL certificates for the application server itself.
    • The Key Store Password field contains the correct password for the key store that is being referenced.
  • Any changes made will require restarting Cascade CMS.
Note: If using the bundled keystore in the Cascade CMS installation, the default password is changeit

Prior to Cascade CMS 8.21

While it may not seem related at first, the LDAP Configuration in your instance can potentially be the cause of this problem. If you happen to be using LDAP to sync/authenticate users in your instance, check the following items in your configuration:

  • In the Binding section, see if the SSL option is selected. If it is selected, verify that:
      • The Key Store Path points to a valid key store on the application server.
      • The key store referenced in the Key Store Path field contains the proper SSL certificates for the application server itself.
      • The Key Store Password field contains the correct password for the key store that is being referenced.
      • Any changes made will require restarting Cascade CMS.

    Note: If using the bundled keystore in the Cascade CMS installation, the default password is changeit

  • If the SSL option is not selected, skip to Default Java Key Store.

Important notes on using LDAP over SSL

  • Any changes made in the LDAP configuration with respect to the key store require a restart of Cascade CMS in order to take effect.
  • Any time an LDAP sync occurs, the application will load the key store that is being referenced in the Key Store Path field into memory. Because of this, it is important that you maintain a single key store on your application server that contains any necessary certificates for your environment. Having a single key store with all of the proper certificates in it can prevent issues with different key stores being referenced from different locations within the application environment.

Default Java Key Store

For those who are either not using LDAP at all (prior to Cascade CMS 8.21) or are not specifying keystore information in the System Preferences (Cascade CMS 8.21+), the application will default to using the key store located within the application's Java installation. To find out which installation of Java the application is using, see this article.

After determining which Java installation is being used, you'll need to make sure that the key store (generally lib/security/cacerts) contains the certificates for the application server itself.
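
The three checks listed above (valid path, correct password, certificates present) can be run from a shell on the application server with the JDK's keytool. This is an added example, not part of the original article or the product; the function name check_keystore, the KS_PASS variable and the return codes are choices made for this example.

```shell
#!/bin/sh
# Added example: check the three things the article asks you to verify.
# check_keystore, KS_PASS and the return codes are names chosen for this example.
#   0 = opens and has entries   2 = path missing/unreadable   3 = keytool not found
#   4 = cannot be opened (wrong password or not a key store)  5 = opens but is empty

check_keystore() {
    ks_path=$1
    # Password comes from the environment so it never appears in the process list.
    # "changeit" is the bundled key store default mentioned in the article.
    export KS_PASS="${KS_PASS:-changeit}"

    if [ ! -f "$ks_path" ] || [ ! -r "$ks_path" ]; then
        echo "FAIL: $ks_path is missing or not readable by this user" >&2
        return 2
    fi
    if ! command -v keytool >/dev/null 2>&1; then
        echo "FAIL: keytool not on PATH (it ships in the Java installation's bin directory)" >&2
        return 3
    fi
    # -J-Duser.language=en keeps keytool's output in English for the grep below.
    if ! listing=$(keytool -J-Duser.language=en -list \
            -keystore "$ks_path" -storepass:env KS_PASS 2>&1); then
        echo "FAIL: key store could not be opened: $listing" >&2
        return 4
    fi
    entries=$(printf '%s\n' "$listing" | grep -cE 'trustedCertEntry|PrivateKeyEntry' || true)
    if [ "$entries" -eq 0 ]; then
        echo "FAIL: $ks_path opens but contains no certificate entries" >&2
        return 5
    fi
    echo "OK: $ks_path opens with the supplied password, $entries entries:"
    printf '%s\n' "$listing" | grep -E 'trustedCertEntry|PrivateKeyEntry'
    return 0
}

# Run as: KS_PASS=... sh check_keystore.sh /path/from/Key/Store/Path
if [ "$#" -gt 0 ]; then
    check_keystore "$1"
fi
```

Run it as the operating system account that Cascade CMS runs under, so the readability check reflects what the application sees, then confirm the application server's certificate appears among the listed entries. For the default Java key store, pass the lib/security/cacerts file of the Java installation the application uses.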