The Oracle Java Root Certificate program is in a steady state and generally not accepting new participants. Only widely recognized Certificate Authorities with a significant customer base and global reach should consider applying.
In order to protect Oracle's Java SE customers from security issues related to the use of public key infrastructure (PKI) certificates while enhancing their overall experience, Oracle requires that all root certificates authorities meet the following criteria before applying for inclusion of their root certificates in Oracle’s Java Runtime Environment (JRE).
Use of your root certificates: If accepted into the program Oracle will have the right, but not the obligation to, distribute your root certificates in our Java Runtime Environment’s (JRE) root certificate store.
The process starts with a globally recognized Certificate Authority with broad and international customer base, and/or existing program participant sending e-mail with the following information to JAVASE-CA-REQUEST_WW_GRP
You should receive an email receipt confirmation within 20 business days of submitting your request.
We will then evaluate your request and contact you if appropriate for additional information.
The evaluation period will vary in length depending on the individual characteristics of the request and might require additional information. Please note that even for perfectly qualified applications the entire process can take several months.
Submissions of applicants that do not reply to Oracle’s request for information will be placed on hold until all questions are answered. Applications that have been placed on hold for more than 3 months will be considered abandoned and a new application will be required to restart the process.
Oracle does not charge for the root certificate program.
The program runs on an on-going basis. There is no deadline for submission. Certificates that are added to the program are included in a future JRE update. Once approved Oracle will notify you of the expected release version and approximate date on which the certificates will start being included in the JRE.
Approved Certificate Authorities that want to add a new certificate to the JRE can do so until they have a total of 3 root certificates in the JRE. Once the total number has been reached CAs will have the option of replacing any of the certificates with new certificates that meet the current requirements.
Certificates accepted into the JRE will be shipped with the JDK until one of the following occurs:
In order for Oracle and its partners to include and distribute your certificates you will need to agree to the Oracle Contributor Agreement.
A typical reason is we are generally not accepting new participants at this time and are extremely selective to new participants. Generally, unless you are a broadly available Certificate Authority with an international customer base you are unlikely to be included. In addition to being a globally recognized Certificate Authority it must be clear your inclusion adds value to the broader Java community. Root certificates that are only available to internal developers, customers of a single organization (public or private), country, region, or to a closed network of organizations, or an organization that is not a globally recognized Certificate Authority at Oracle’s sole discretion will not be accepted into the Root Certificate Program.
We regret that we may not always be able to provide exhaustive details for all applications.