And indeed, the VeriSign Class 3 Code Signing 2009-2 CA certificate is not on the list.
The certificate has always been accepted by sun-java (tested with at least hardy, intrepid, jaunty and lucid). So if Sun & Sampopankki have not made a fundamental mistake, it should be safe for OpenJDK to trust that certifcate, too.
The CA certificates file exists twice on
/usr/share/ ca-certificates -java/cacerts certs/java/ cacerts
/etc/ssl/
I have not added any certificate in any phase and both files have identical contents.
(There is also a symbolic link /usr/lib/ jvm/java- 6-openjdk/ jre/lib/ security/ cacerts -> /etc/ssl/ certs/java/ cacerts)
The contents of the file can be listed using the command
keytool -list -storetype jks -keystore /etc/ssl/ certs/java/ cacerts -v
The password is "changeit"
And indeed, the VeriSign Class 3 Code Signing 2009-2 CA certificate is not on the list.
The certificate has always been accepted by sun-java (tested with at least hardy, intrepid, jaunty and lucid). So if Sun & Sampopankki have not made a fundamental mistake, it should be safe for OpenJDK to trust that certifcate, too.