You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
### Merging the JVM and the operating system trust stores
146
+
<details>
147
+
<summary>Contributors</summary>
148
+
149
+
-[Sebastian Ratz](https://github.com/sratz)
150
+
-[Ed Merks](https://github.com/merks)
151
+
-[Christoph Läubrich](https://github.com/laeubi)
152
+
</details>
153
+
154
+
A new system property `-Declipse.platform.mergeTrust=true` was added to merge the trust store of the JVM (`lib/security/cacerts`)
155
+
and the trust store of the operating system (`Windows-ROOT` on Windows, `Apple KeychainStore` on macOS).
156
+
157
+
Previously, the Eclipse Platform was only using the JVM store (before Eclipse 2024-12) or only the OS trust store (starting with Eclipse 2024-12)
158
+
which could result in the common error
159
+
160
+
`javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target`
161
+
162
+
e.g., when updating Eclipse or installing new software.
163
+
164
+
The new `-Declipse.platform.mergeTrust=true` property is added by default to the Platform SDK and Runtime Binary as well as to all the IDE packages starting with 2025-12.
165
+
166
+
The strategy of merging trust stores is also applied by browser vendors, e.g. [Microsoft Edge](https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-cert-verification).
0 commit comments