-
Enhancement
-
Resolution: Fixed
-
P1
-
1.4.2
-
17
-
x86
-
windows_2000
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2117864 | 1.4.2_04 | Hao Dong | P1 | Closed | Fixed | 04 |
| JDK-2117863 | 1.4.2_03 | Hao Dong | P1 | Resolved | Fixed | 03 |
| JDK-2117862 | 1.4.1_06 | Hao Dong | P1 | Closed | Fixed | 06 |
| JDK-2117861 | 1.4.1_03 | Hao Dong | P1 | Resolved | Fixed | 03 |
| JDK-2117860 | 1.4.1_02 | Hao Dong | P1 | Resolved | Fixed | 02 |
| JDK-2117859 | 1.3.1_10 | Hao Dong | P1 | Resolved | Fixed | 10 |
A DESCRIPTION OF THE REQUEST :
The CA certificates provided in an installation of the J2SE runtime need to be refreshed with those currently used by Verisign, etc. For example, all but two of the Verisign CA certificates stored in a standard installation of the cacerts file are expired or due to expire in January of 2004. New versions of all of these expiring certificates are available and for the most part have been available for about seven years.
JUSTIFICATION :
Adding these certificates will make it so that a standard installation of J2SE can converse with SSL servers with recently signed certificates. Without these additions, applets and applications need to "patch" the cacerts file on every installation to assure that the CA certificates which are currently in use will be supported.
CUSTOMER SUBMITTED WORKAROUND :
A workaround is to "patch" the cacerts file with the CA certificate being used. Mind you, keytool does not have an end-user friendly interface.
(Incident Review ID: 207526)
======================================================================
- backported by
-
JDK-2117859 Ship currently published CA certificates in cacerts file
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-
-
-
- Closed
-
- relates to
-
JDK-4686264 Update cacerts with new VeriSign ca certs
-
- Resolved
-