There are a number of other providers (such as StartSSL) that are widely trusted, but are NOT included in the JDK/JRE default trust store, so any java based client will not trust the certificates out of the box. Do you know if the CA you’ll be cross signing with is included in the java default trus…

So, I guess I’m gonna have to do this again a few times so made a small script, might be useful for someone else: https://gist.github.com/hedefalk/9442c224e7de4739e8cee6b7e88c4d7f install-letsencrypt-in-jdk.sh #!/bin/bash JAVA_HOME=${1-text} [ $# -eq 0 ] && { echo "Usage: sudo $0 \$(/usr/l…

You shouldn’t need to store (and probably shouldn’t store) the intermediate certs in the root trust store. Rather, add both the ISRG root and the DST root. All the certs made right now with the letsencrypt client use an intermediate chained back to the DST root because it has wider trust acceptance. …

Since @pfg mention this topic as relevant for oracle jdk root inclusion. It would be nice to get an update if there is any progress or timeline.

Getting LE-verified site e.g. https://gethttpsforfree.com/ fails for current latest Oracle java (1.8.0_91).

Oracle needs to add IdenTrust’s DST Root X3 to Java in order for things to work by default. I’ve been notified by Oracle that they have accepted the root into their program and that it will ship in a software update. I don’t know when that software update will ship, unfortunately.

[image] josh: it will ship in a software update Very good news! Do you know at least if it will be in a major update (i.e. JRE 9) or in a minor update? Thanks

The ticket at https://bugs.openjdk.java.net/browse/JDK-8154757 and shows a backport for JDK 8u101. The next Oracle Critical Patch Update is July 2016 per http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Just wanted to let you know that importing chain.pem into cacerts (/etc/ssl/java/cacerts) from /etc/letsencrypt/live// worked with an Oracle JDK 1.8.0_91 in Debian 64. In my case I used the certificates for a Jira Tomcat container which had its own JDK by the way. So check carefully which JDK is rea…

Even though the certificate should’ve been added to Java per https://bugs.openjdk.java.net/browse/JDK-8154757 , the latest JDK 8u112 Build b02 from Early Access Releases ( https://jdk8.java.net/download.html ) still doesn’t have it. Java trust store file (lib/security/cacerts) hasn’t changed since JDK …

I’ve just tried the latest Java 9 build and its cacerts also still doesn’t include IdenTrust and DST certificates. Any idea why?

Will the cross root cover trust by the default list in the JDK/JRE?

Issuance Tech

mrtux July 20, 2016, 3:10pm 53

List of browsers and operating systems where LE is trusted ( Which browsers and operating systems support Let's Encrypt) updated.

Topic		Replies	Views
Helloworld.letsencrypt.org can only find certificate with DST X3 loaded Server	19	9569	June 12, 2016
Certificate upgrade Java Tomcat (and Apache) Server	16	2917	May 13, 2019
DST Root CA X3 based cert no longer accepted by Java 8u144 Help	18	1993	March 25, 2021
Which browsers and operating systems support Let's Encrypt Server	70	210495	November 19, 2020
CN=DST Root CA X3, O=Digital Signature Trust Co. and serial number 4001 7721 37D4 E942 B8EE 76AA 3C64 0AB7 is not a trusted certificate Help	33	8201	November 19, 2021

Will the cross root cover trust by the default list in the JDK/JRE?

Related topics