A lot of company applications are actually using the Java Runtime Environment (JRE) and a lot of them are integrated in the Internet Explorer using local adresses. When you open these kind of applications you will receive an error message that the application can not be trusted eventhough you provided your own root certificates by group policies. One big problem of the JRE is that it completelly ignores the Windows certificate stores. Instead of using the windows certificate store it uses its own implementation.
Java certificates are stored in a file called cacerts located at C:\Program Files (x86)\Java\jre1.x.x_xxx\lib\security\ You can open javacpl.exe to get a graphical overview about the content: