Public-key cryptography is used widely on the Internet. When the web browser opens a secured website, it checks the server-side certificate against the website domain name. To perform such checks, all web browsers have a list of Certificate Authority (CA) certificates that may be used to sign server-side certificates of websites. Such checks may be disabled but they are a necessary part of secure web browsing, client banking, and so on.
When website access is used by a Java program (for example, to download a file from a secure site), programs such as the browser in the preceding example should check the site certificate. Such a check is usually performed by the underlying SSL API implementation, and with the browser, the list of CA certificates must be available to the OpenJDK runtime.
Such a list is stored in the openjdk_directory/jre/security/cacerts
file in the
Java KeyStore (JKS) format. In official OpenJDK 6 tarballs, the cacerts
file contains no certificates...