This is part of pre-trusted certificate RFE (6569795).
If the certificate is in our pre-trusted list, it will be automcatically trusted and stored in user's trusted keystore, we need to find a way to revoke it if the key is lost or any other reason.
If revocation check (OCSP and CRL) is not enabled by user, we won't be able to do that, so we have to do revocation check (OCSP and CRL) weekly automatically for those pre-trusted certificate.
We decided to do revocation check only the first time when we encounter the pre-trusted certificate, not weekly.
We are going to skip the intermediate certificate revocation check for pre-trusted certificate as well (if user didn't enable OCSP and CRL setting using Java control panel).
I will fix it in 6u11 b02.
We will use hard-coded jurisdiction string instead of parsing trusted.publishers file in user's machine, this is requested by security team, we are going to move back to jurisdiction file in later release.