Java 10 Root Certificates
The cacerts keystore, which is part of the JDK, is intended to contain a set of root certificates that can be used to establish trust in the certificate chains employed in various security protocols. The cacerts keystore in the JDK source code, however, is currently empty.
The cacerts keystore will be populated with a set of root certificates issued by the CAs of Oracle’s Java SE Root CA Program. A lot of vendors have already signed to the required agreement and, for each, a list of the root certificates that will be included. Those that do not sign an agreement will not be included at this time. Those that take longer to process will be included in the next release.
This will also mean that both Oracle & Open JDK binaries will be functionally the same. Critical security components such as TLS will work by default in OpenJDK builds going forward.