The keytool -printcrl command tries to verify the input CRL file using a cert in cacerts for the specified keystore (or ~/.keystore is not specified). If no cert can be found that signs the CRL, it would print out
WARNING: not verified. Make sure -keystore and -alias are correct.
This is not entirely correct, because -alias is not used here.
This code change involves new localized string entry in sun/security/Resources.java.