My Oracle Support Banner

How to Deal with Certificates from Non-Trusted Certificate Authorities (Doc ID 1604086.1)

Last updated on OCTOBER 22, 2019

Applies to:

Java SE JDK and JRE - Version 7 and later
Information in this document applies to any platform.


Java's cacerts truststore includes the root certificates of some well known public Certificate Authorities (CA).  Certificates issued by those CAs are trusted. JNLP applications that are signed with such trusted certificates do not cause security warnings.

Unfortunately there are situations where applications cannot be signed with a trusted certificate.  Large corporations and government authorities frequently run their own certificate authorities.  Some countries require their applications to be signed by a national CA which is only available in that particular country.  Such corporate or governmental CAs are not recognized by Java as trusted Certificate Authorities since their root certificates are not included in Java's cacerts truststore.

What possibilities exist to make a corporate or governmental CA a trusted CA in my environment?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.