Dirk Stöcker writes:
Cert chain is/was complete. It seems Java still does not include StartSSL, but Unix versions and browsers use the system certstore. So standalone non-Unixes fail. All others work.
probably you wanted to say WOsign here, but yes, neither that, nor Startcom nor IdenTrust (for Let's Encrypt) is included in the Java store.
Just to have it as a reference in the mailing list archives: In the support forum Let's Entrypt said they had applied to be included in Oracles cacert list. So hopefully for the next renewal we'll have a better alternative.
https://community.letsencrypt.org/t/will-the-cross-root-cover-trust-by-the- default-list-in-the-jdk-jre/134/11
This is the command to dump the contents of the certificate store to see whether a specific CA is included.
"C:\Program Files (x86)\Java\jre1.8.0_66\bin\keytool.exe" -keystore "c: \program files (x86)\java\jre1.8.0_
66\lib\security\cacerts" -storepass changeit -list -v Stephan _______________________________________________ josm-dev mailing list [email protected] https://lists.openstreetmap.org/listinfo/josm-dev
