How to deal with certificates from non-trusted certificate authorities
Last updated on DECEMBER 15, 2017
Applies to:Java SE JDK and JRE - Version 7 and later
Information in this document applies to any platform.
Java's cacerts truststore includes the root certificates of some well known public Certificate Authorities (CA). Certificates issued by those CAs are trusted. JNLP applications that are signed with such trusted certificates do not cause security warnings.
Unfortunately there are situations where applications cannot be signed with a trusted certificate. Large corporations and government authorities frequently run their own certificate authorities. Some countries require their applications to be signed by a national CA which is only available in that particular country. Such corporate or governmental CAs are not recognized by Java as trusted Certificate Authorities since their root certificates are not included in Java's cacerts truststore.
What possibilities exist to make a corporate or governmental CA a trusted CA in my environment?
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms