diff --git a/gravitee-node-certificates/src/main/java/io/gravitee/node/certificates/x509/RefreshableX509TrustManagerDelegator.java b/gravitee-node-certificates/src/main/java/io/gravitee/node/certificates/x509/RefreshableX509TrustManagerDelegator.java
index d654f9ea3..b6fd1ef5c 100644
--- a/gravitee-node-certificates/src/main/java/io/gravitee/node/certificates/x509/RefreshableX509TrustManagerDelegator.java
+++ b/gravitee-node-certificates/src/main/java/io/gravitee/node/certificates/x509/RefreshableX509TrustManagerDelegator.java
@@ -79,7 +79,10 @@ public void checkServerTrusted(X509Certificate[] chain, String authType) throws
     @Override
     public X509Certificate[] getAcceptedIssuers() {
         X509ExtendedTrustManager trustManager = this.delegate;
-        return trustManager != null ? trustManager.getAcceptedIssuers() : null;
+        if (trustManager != null) {
+            return trustManager.getAcceptedIssuers();
+        }
+        return new X509Certificate[] {};
     }
 
     @Override
diff --git a/gravitee-node-certificates/src/test/java/io/gravitee/node/certificates/x509/RefreshableX509TrustManagerDelegatorTest.java b/gravitee-node-certificates/src/test/java/io/gravitee/node/certificates/x509/RefreshableX509TrustManagerDelegatorTest.java
index ff57d9c42..c50b2fadd 100644
--- a/gravitee-node-certificates/src/test/java/io/gravitee/node/certificates/x509/RefreshableX509TrustManagerDelegatorTest.java
+++ b/gravitee-node-certificates/src/test/java/io/gravitee/node/certificates/x509/RefreshableX509TrustManagerDelegatorTest.java
@@ -25,6 +25,7 @@
 import io.gravitee.common.util.KeyStoreUtils;
 import java.io.IOException;
 import java.net.Socket;
+import java.net.URL;
 import java.security.KeyStore;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -61,12 +62,26 @@ public void before() {
         cut = new RefreshableX509TrustManagerDelegator("http");
     }
 
+    @Test
+    void should_not_fail_on_empty_truststore() {
+        assertThatCode(() -> cut.checkServerTrusted(null, null, (Socket) null)).doesNotThrowAnyException();
+        assertThatCode(() -> cut.checkServerTrusted(null, null, (SSLEngine) null)).doesNotThrowAnyException();
+        assertThatCode(() -> cut.checkServerTrusted(null, null)).doesNotThrowAnyException();
+        assertThatCode(() -> cut.checkClientTrusted(null, null, (Socket) null)).doesNotThrowAnyException();
+        assertThatCode(() -> cut.checkClientTrusted(null, null, (SSLEngine) null)).doesNotThrowAnyException();
+        assertThatCode(() -> cut.checkClientTrusted(null, null)).doesNotThrowAnyException();
+        assertThat(cut.getAcceptedIssuers()).isNotNull();
+        assertThat(cut.getAcceptedIssuers()).isEmpty();
+    }
+
     @Test
     void should_load_truststore_store_and_trust_certs() throws CertificateException, IOException {
         KeyStore trustStore = loadTruststore();
         cut.refresh(trustStore);
         assertThat(cut.getAcceptedIssuers()).hasSize(2);
-        try (var is = this.getClass().getResource("/truststores/client2.crt").openStream();) {
+        URL resource = this.getClass().getResource("/truststores/client2.crt");
+        assertThat(resource).isNotNull();
+        try (var is = resource.openStream()) {
             X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
             assertThat(cut.getAcceptedIssuers()).contains(certificate);
             X509Certificate[] chain = new X509Certificate[] { certificate };
@@ -84,7 +99,9 @@ void should_load_truststore_store_and_do_not_trust_certs() throws CertificateExc
         KeyStore trustStore = loadTruststore();
         cut.refresh(trustStore);
         assertThat(cut.getAcceptedIssuers()).hasSize(2);
-        try (var is = this.getClass().getResource("/truststores/client1.crt").openStream();) {
+        URL resource = this.getClass().getResource("/truststores/client1.crt");
+        assertThat(resource).isNotNull();
+        try (var is = resource.openStream()) {
             X509Certificate untrusted = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
             assertThat(cut.getAcceptedIssuers()).doesNotContain(untrusted);
             X509Certificate[] chain = new X509Certificate[] { untrusted };
@@ -104,10 +121,8 @@ void should_load_truststore_store_and_do_not_trust_certs() throws CertificateExc
     }
 
     private KeyStore loadTruststore() {
-        return KeyStoreUtils.initFromPath(
-            CERTIFICATE_FORMAT_PKCS12,
-            this.getClass().getResource("/truststores/truststore2-3.p12").getPath(),
-            PASSWORD
-        );
+        URL resource = this.getClass().getResource("/truststores/truststore2-3.p12");
+        assertThat(resource).isNotNull();
+        return KeyStoreUtils.initFromPath(CERTIFICATE_FORMAT_PKCS12, resource.getPath(), PASSWORD);
     }
 }