Thanks a lot! In case of you would also consider @nneul’s suggestion to get another cross signature that is in the current trust list, I just have extracted it from latest version of Java (8u66) with this small program. The list contains 93 entries:
1: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
2: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT
3: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
4: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
5: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
6: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
7: CN=AffirmTrust Networking, O=AffirmTrust, C=US
8: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
9: CN=AffirmTrust Premium, O=AffirmTrust, C=US
10: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
11: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
12: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
13: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
14: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
15: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
16: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
17: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
18: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
19: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
20: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
21: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
22: CN=Class 2 Primary CA, O=Certplus, C=FR
23: CN=Class 3P Primary CA, O=Certplus, C=FR
24: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
25: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
26: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
27: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
28: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
29: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
30: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
31: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
32: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
33: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
34: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
35: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
36: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
37: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
38: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
39: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
40: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
41: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
42: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
43: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
44: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
45: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
46: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
47: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
48: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU
49: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
50: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
51: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
52: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
53: CN=Sonera Class1 CA, O=Sonera, C=FI
54: CN=Sonera Class2 CA, O=Sonera, C=FI
55: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
56: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
57: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
58: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
59: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
60: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
61: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
62: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
63: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
64: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
65: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
66: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
67: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
68: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
69: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
70: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
71: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
72: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
73: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
74: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
75: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
76: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
77: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
78: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
79: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
80: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
81: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
82: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
83: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
84: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
85: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
86: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
87: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
88: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
89: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
90: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
91: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
92: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
93: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW