The OpenJDK 9 binary for Linux x64 contains an empty `cacerts` keystore. This prevents TLS connections from being established because there are no Trusted Root Certificate Authorities installed. You may see an exception like the following:
`javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty`
As a workaround, users can set the `javax.net.ssl.trustStore` System Property to use a different keystore. For example, the `ca-certificates` package on Oracle Linux 7 contains the set of Root CA certificates chosen by the Mozilla Foundation for use with the Internet PKI. This package installs a trust store at `/etc/pki/java/cacerts`, which can be used by OpenJDK 9.
Only the OpenJDK 64 bit Linux download is impacted. This issue does not apply to any Oracle JRE/JDK download.
Progress on open-sourcing the Oracle JDK Root CAs can be tracked through the issue JDK-8189131.