Ok understand that problem with the CA Certificate. I assume that is also the reason, why the key get a new serial number ?
about java - I have used java while it was still developed by sun and also later. So I have a small history and also see how it is sometimes used today in a purpose that was not the original intention from the developers. And I also agree it is my personal issue. I still believe a p-code like language/system might be good for prototyping, but not for final solutions. C is much faster, GO might be more future oriented.
I truly believe that java anyhow has some challenges in the future as it needs to be licensed by Oracle no longer for free. So if a company today wants to update the FW from SC-HSM, they already need a business license. I assume that will influence the usage of java tremendous in the future.
What I overall don’t like, if I need to install a general purpose toolsuite, just to do a FW update.
Would there be a possibility to integrate that into the NitroKey App ? The App could handle the online connection without java.