[josm-dev] SunCertPathBuilderException
Stephan Knauss
osm at stephans-server.de
Tue Dec 15 16:08:59 UTC 2015
Dirk Stöcker writes:
> Cert chain is/was complete. It seems Java still does not include StartSSL,
> but Unix versions and browsers use the system certstore. So standalone
> non-Unixes fail. All others work.
probably you wanted to say WOsign here, but yes, neither that, nor Startcom
nor IdenTrust (for Let's Encrypt) is included in the Java store.
Just to have it as a reference in the mailing list archives: In the support
forum Let's Entrypt said they had applied to be included in Oracles cacert
list. So hopefully for the next renewal we'll have a better alternative.
https://community.letsencrypt.org/t/will-the-cross-root-cover-trust-by-the-
default-list-in-the-jdk-jre/134/11
This is the command to dump the contents of the certificate store to see
whether a specific CA is included.
"C:\Program Files (x86)\Java\jre1.8.0_66\bin\keytool.exe" -keystore "c:
\program files (x86)\java\jre1.8.0_
66\lib\security\cacerts" -storepass changeit -list -v
Stephan
More information about the josm-dev
mailing list