The expired root will be removed in update 18 of Java SE 6, (do out in about 5 days)
and we will also remove the cert from the Glassfish truststore.
You can also use keytool -delete to remove the cert (alias = verisignserverca) from your glassfish truststore. but you do not need to take any action, as all certs issued under the expired authority
will have also expired.
[Message sent by forum member 'monzillo' (ronald.monzillo_at_sun.com)]