Comment 4 for bug 1739631

While it may be so that OpenJDK ships with empty certificates file, this is not sufficient to explain the issue, or consistent with the bug report I made. Quoting from the original bug report: "I discovered that the JDK's lib/security/cacerts is a symlink to /etc/ssl/certs/java/cacerts, which is provided by ca-certificates-java package".

This symlink exists, and it is the one used by JDK. The issue was that JDK9 is unable to read the contents of PKCS12-formatted keystore file, but is able to read its old JKS keystore file. In both cases, the files do contain certificates.