The most recent Java update added the DST (IdenTrust) root certificate. Of course it's going to take a while until that version is widely deployed, but this gives vendors the option to tell API consumers to just update Java (as opposed to manually modifying the key store), so that should help with adoption.