View ToC

Java 10 - Root Certificate

JEP 319 - Root Certificates

Cacerts store, prior to Java 10 is an empty set. It is required to contain a set of certificates which can be used to establish trust in certificates chain of various security protocols of vendors.

OpenJDK builds are not having such certificates which is why critical security components like TLS didn't work in default build.

Now as Oracle has open sourced the root certificates using Oracle JAVA SE Root CA program, OpenJDK builds can now have root certificates and thus can reduce the difference between OpenJDK and Oracle JDK.

Oracle JAVA SE Root CA program issues the root certificates. Vendors who've signed the agreement, are included in the set of root certificates. The vendors who are not registered will be included in next release.