this allows to grant specific privileges for these applications as one might deem appropriate, by defining them in a security policy.
please see the Java documentation on how to accomplish this.
the certificate used for signing can be downloaded in the download section.
for a quick reference, the main properties of all the involved certificates are listed below (this output was created with the BoarderZone KeyStoreTool):
========================================================================= Alias: bz-root-ca Entry: trusted certificate at position 2 Added: 2017-05-30 - 07:56:32.984 +0200 Certificate: X.509v3 RSA 4096 bits certificate => VERIFIED - Serial-No.: 0xb1fcf1624767e62e - Signature: SHA256withRSA Subject DN: CN=BoarderZone Root CA, O=BoarderZone.net, L=Zuerich, C=CH Issuer DN: CN=BoarderZone Root CA, O=BoarderZone.net, L=Zuerich, C=CH Validity: not before: 2015-02-06 - 02:10:54.000 +0100 not after: 2035-02-06 - 02:10:54.000 +0100 Key usage: CA:max-path-length=2, Key certificate sign, CRL sign Fingerprints: MD5: 4C:4D:C6:B4:E7:9B:7D:99:23:1A:C0:60:69:77:A1:28 SHA-1: E0:DB:BC:CD:44:DB:3F:49:0D:0C:F8:A7:3D:AB:F5:CC:E4:66:3B:8F ========================================================================= Alias: bz-trust-ca Entry: trusted certificate at position 3 Added: 2017-05-30 - 07:57:02.432 +0200 Certificate: X.509v3 RSA 4096 bits certificate => VERIFIED - Serial-No.: 0xb1fcf1624767e62f - Signature: SHA256withRSA Subject DN: CN=BoarderZone Trust CA, O=BoarderZone.net, L=Zuerich, C=CH Issuer DN: CN=BoarderZone Root CA, O=BoarderZone.net, L=Zuerich, C=CH Validity: not before: 2015-02-06 - 02:11:19.000 +0100 not after: 2025-02-06 - 02:11:19.000 +0100 Key usage: CA:max-path-length=1, Key certificate sign, CRL sign Fingerprints: MD5: 6B:2B:12:88:C8:F9:55:01:62:CA:4C:7C:AC:03:85:74 SHA-1: DB:35:80:57:B9:BE:5B:CD:E3:03:D1:35:55:9F:98:7A:32:14:8A:81 ========================================================================= Alias: bz-qa Entry: trusted certificate at position 1 Added: 2022-07-20 - 13:35:54.305 +0200 Certificate: X.509v3 RSA 2048 bits certificate => VERIFIED - Serial-No.: 0x2aadd24acc41f3fa - Signature: SHA256withRSA Subject DN: CN=Quality Assurance, O=BoarderZone.net, L=Zuerich, C=CH - Altern.: ALT[RFC822] = qa@boarderzone.net Issuer DN: CN=BoarderZone Trust CA, O=BoarderZone.net, L=Zuerich, C=CH Validity: not before: 2022-07-20 - 13:27:05.000 +0200 not after: 2025-01-20 - 13:27:05.000 +0100 Key usage: no-CA, Digital signature, Non-repudiation - Extended: Code signing Fingerprints: MD5: DF:0A:67:AA:A1:6E:A1:25:43:73:97:2B:5C:41:E8:A0 SHA-1: 33:24:4D:AB:05:F1:B8:D3:FD:97:75:C2:B6:3D:72:D0:F2:C7:3A:04 =========================================================================