sorry. I hope this request is approved else I will backout the fix. The fix itself is clean and low risk. It removes the expired root CA certificate from cacerts store. This CA never had any code signing certificate issued from
The first two roots can be safely removed after they expire. However, the 3rd root should be retained since there were many code signing certificates issued that chain back to this root and removing this root could break signed code that was also timestamped and is still in use. In this ...
Imporing on the client side Supposing you have already created the keystore for the client side, (name it clientkeystore for example), we could import the certificate with: keytool -keystore clientkeystore.jks -import -alias testserver -file testserver.crt -trustcacerts It's done! We jus...