Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8209506

Add Google Trust Services GlobalSign root certificates

XMLWordPrintable

    • b27
    • Verified

        OpenJDK should contain the same root certificates as commonly available on Linux distros, e.g. on Ubuntu in /etc/ssl/certs/java/cacerts

         $ keytool -v -list -keystore /etc/ssl/certs/java/cacerts -storepass changeit | perl -ne 'print if /^Alias.*globalsign.*r[24]/ ... /^\*/'
        Alias name: debian:globalsign_root_ca_-_r2.pem
        Creation date: Apr 19, 2015
        Entry type: trustedCertEntry

        Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
        Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
        Serial number: 400000000010f8626e60d
        Valid from: Fri Dec 15 00:00:00 PST 2006 until: Wed Dec 15 00:00:00 PST 2021
        Certificate fingerprints:
        MD5: 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30
        SHA1: 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
        SHA256: CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E
        Signature algorithm name: SHA1withRSA
        Version: 3

        Extensions:

        #1: ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF ...Wg...j..Y..-.
        0010: DC 19 86 2E ....
        ]
        ]

        #2: ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:true
          PathLen:2147483647
        ]

        #3: ObjectId: 2.5.29.31 Criticality=false
        CRLDistributionPoints [
          [DistributionPoint:
             [URIName: http://crl.globalsign.net/root-r2.crl]
        ]]

        #4: ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          Key_CertSign
          Crl_Sign
        ]

        #5: ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF ...Wg...j..Y..-.
        0010: DC 19 86 2E ....
        ]
        ]



        *******************************************
        Alias name: debian:globalsign_ecc_root_ca_-_r4.pem
        Creation date: Feb 24, 2016
        Entry type: trustedCertEntry

        Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
        Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
        Serial number: 2a38a41c960a04de42b228a50be8349802
        Valid from: Mon Nov 12 16:00:00 PST 2012 until: Mon Jan 18 19:14:07 PST 2038
        Certificate fingerprints:
        MD5: 20:F0:27:68:D1:7E:A0:9D:0E:E6:2A:CA:DF:5C:89:8E
        SHA1: 69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB
        SHA256: BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C
        Signature algorithm name: SHA256withECDSA
        Version: 3

        Extensions:

        #1: ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:true
          PathLen:2147483647
        ]

        #2: ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          Key_CertSign
          Crl_Sign
        ]

        #3: ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: 54 B0 7B AD 45 B8 E2 40 7F FB 0A 6E FB BE 33 C9 T...E..@...n..3.
        0010: 3C A3 84 D5 <...
        ]
        ]



        *******************************************

              rhalade Rajan Halade
              martin Martin Buchholz
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: