If HTTPS is used in the apps, plugin and webstart attempts to reload every certificate stores to ensure the certificates are up-to-date for every new connection. However, some of the certificates stores take a lot of time to load and they seldom change, e.g. cacerts. As a result, it causes overhead (usually over 1 second) for every HTTPS connection used in the app. It has significant impact to app startup time if the app is loaded through HTTPS.
If signing is used in the apps, plugin and webstart also attempts to reload every certificate stores to ensure the certificates are up-to-date for signing verification. However, it causes unnecessary overhead for every signed jar used in the app. It also has significant impact to app startup time if the app is composed of many signed jars.
This problem is reported by several customers against J2SE v1.4.2 and v1.5 with MS VM; customers reported their apps are obviously slower when making HTTPS connection in Sun VM compared to MS VM.
To optimize the performance, either root CA cert store should not be reloaded within the session, or the cert store should be reloaded only if it has been changed since the last access.