How to deal with certificates from non-trusted certificate authorities (Doc ID 1604086.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Java SE JDK and JRE - Version 7 and later
Information in this document applies to any platform.

Goal

Java's cacerts truststore includes the root certificates of some well known public Certificate Authorities (CA).  Certificates issued by those CAs are trusted. JNLP applications that are signed with such trusted certificates do not cause security warnings.

Unfortunately there are situations where applications cannot be signed with a trusted certificate.  Large corporations and government authorities frequently run their own certificate authorities.  Some countries require their applications to be signed by a national CA which is only available in that particular country.  Such corporate or governmental CAs are not recognized by Java as trusted Certificate Authorities since their root certificates are not included in Java's cacerts truststore.

What possibilities exist to make a corporate or governmental CA a trusted CA in my environment?

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms