jarsigner includes a certpath validation check, and shows a warning when the check fails. The CertPathValidator object, unfortunately, is initialized in a method that can only be executed if a local keystore is found (either ~/.keystore or specified by -keystore). Therefore, if there is no local keystore but the jarfile's signer can be directly verified by a cert in cacerts, we still see this warning.
|