Description of problem:
There seems to be applets out there (e.g. the WebEx meeting) that is signed with the VeriSign Class 3 Public Primary Certification Authority but openjdk does not recognise this as a trusted CA. Is this intentional?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. firefox http://www.webex.com/lp/jointest/?elq=809f7a3332a347a0a231ef24c8b40d9c
2. Try to join the meeting
3. Watch the warning
Seems the JVM gets it's certs from /etc/pki/java/cacerts
Some more details on the missing cert:
OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Validity: [From: Fri Jul 16 03:00:00 EEST 2004,
To: Wed Jul 16 02:59:59 EEST 2014]
SHA1 Fingerprint: 19:7A:4A:EB:DB:25:F0:17:00:79:BB:8C:73:CB:2D:65:5E:00:18:A4
Our authoritative source for trusted root CAs is Mozilla; this root is not in there, so we don't ship it. Not much more we can do about this; we don't want to start vetting individual CA roots in Fedora.
For what it's worth, I've now filed the same question with mozilla in https://bugzilla.mozilla.org/show_bug.cgi?id=676799