The root certificate is indeed in the certificate store. It is
Owner: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=
US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C
=US
Serial number: 70bae41d10d92934b638ca7b03ccbabf
Valid from: Mon Jan 29 02:00:00 EET 1996 until: Wed Aug 02 02:59:59 EEST 2028
Certificate fingerprints:
MD5: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
SHA1: 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
Signature algorithm name: MD2withRSA
Version: 1
The problem is a different one. OpenJDK doesn't build the chain from the intermediate Code Signing certificate to the root certificate. See attached screen shot.
Sorry, my conclusions in #5 was incorrect.
The root certificate is indeed in the certificate store. It is
Owner: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C= 4b638ca7b03ccba bf 5D:F6:26: 3E:0D:F3: 25:BE:5F: 79:CD:67: 67 92:E6:07: E4:24:EB: 45:49:54: 2B:E1:BB: C5:3E:61: 74:E2
US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C
=US
Serial number: 70bae41d10d9293
Valid from: Mon Jan 29 02:00:00 EET 1996 until: Wed Aug 02 02:59:59 EEST 2028
Certificate fingerprints:
MD5: 10:FC:63:
SHA1: 74:2C:31:
Signature algorithm name: MD2withRSA
Version: 1
The problem is a different one. OpenJDK doesn't build the chain from the intermediate Code Signing certificate to the root certificate. See attached screen shot.