Public-key cryptography is used widely on the Internet. When the web browser opens a secured website, it checks the server-side certificate against the website domain name. To perform such checks, all web browsers have a list of Certificate Authority (CA) certificates that may be used to sign server-side certificates of websites. Such checks may be disabled but they are a necessary part of secure web browsing, client banking, and so on.

When website access is used by a Java program (for example, to download a file from a secure site), programs such as the browser in the preceding example should check the site certificate. Such a check is usually performed by the underlying SSL API implementation, and with the browser, ...