Hızlı yanıt: kod örneği
The JRE with default settings trusts all certificates that somehow link to one of the certificates in , unless you have configured a different truststore. Actually the process is a bit more complicated (google PKIX path validation), but this explanation is good enough for our purposes. If your certificate is signed by an intermediate CA (which is true for most certificates), be sure to supply the certificate chain. For example, if you use it for https on an apache webserver, use the option to configure the file with the intermediates. This way, it doesn't matter which intermediate signs the certificate, as long as the intermediate links to a CA in cacerts. BTW: The process to get a certificate into the truststore is explained here: http://www.oracle.com/technetwork/java/javase/javasecarootcertsprogram-1876540.html
Since Oracle reserves the right to remove CAs from this list, there is no list that will be guaranteed to work in future releases. Depending on your application supplying your own truststore via property might be an option.
jre/lib/security/cacerts
SSLCertificateChainFile
javax.net.ssl.trustStore