In at least one case in the JSSE Reference Guide, sample certificates are created using md5WithRSAEncryption as the signature algorithm. These certificates are probably from much older revisions of the JSSE Reference Guide, but have worked up through JDK 8 Update 40 because the default jdk.certpath.disabledAlgorithms Security property did not include MD5.

In JDK 9 MD5 is now one of the certpath disabled algorithms. The JSSE Reference Guide should not have PEM encoded certificates that use MD5-based signatures and keytool commands or other methods where certificates are generated should be updated to use SHA-256-based signing algorithms.