Bug Report: Sectigo Public Server Authentication Root R46 is missing on cacerts.p12‎

[sanchezfauste]

Brief Summary

Sectigo Public Server Authentication Root R46 is missing on cacerts.p12‎

Expected Outcome

Sectigo Public Server Authentication Root R46 must be in trusted CAs

Current Outcome

If you start an application using --deployFromGAV and --additionalRepository, and SSL certificate of the specified repository has this CA, the war is not downloaded and the application stops showing message "Error getting HTTP connection response code".

This is the code that shows the error: https://github.com/payara/Payara/blob/payara-server-6.2025.10/nucleus/deployment/common/src/main/java/fish/payara/deployment/util/GAVConvertor.java#L183. Maybe this error must be more descriptive. Now you can't know why is failing (bad SSL certificate? a timeout? socket close?).

Reproducer

Start payara micro with --deployFromGAV and --additionalRepository poiting to repository with SSL cert that has Sectigo Public Server Authentication Root R46 as root CA.

Operating System

Payara micro docker version 6.2025.10

JDK Version

Payara micro docker version 6.2025.10

Payara Distribution

Payara Micro

[Elifzeynepedman]

Hi @sanchezfauste ,

Many thanks for your contribution.

To process your contribution we require that you fill out and sign the official Contributor License Agreement (CLA) as per our contribution policies. Please download the CLA form and submit it to cla@payara.org as soon as possible.

Once the document is processed by our legal team, we’ll continue with the review of your contribution.

Thank You,
Elif

[sanchezfauste]

Hi @Elifzeynepedman,

I've sent the CLA. To specified address.

Best regards,