Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 13
Affects Version/s: 7-pool, 8-pool, 11-pool, 12-pool, 13
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
b21
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8228956	12u-cpu	Rajan Halade	P3	Resolved	Fixed	master
JDK-8223972	12.0.2	Sean Coffey	P3	Resolved	Fixed	b03
JDK-8228201	11.0.6-oracle	Sean Coffey	P3	Resolved	Fixed	b01
JDK-8224237	11.0.5-oracle	Sean Coffey	P3	Resolved	Fixed	b02
JDK-8224938	11.0.4-oracle	Sean Coffey	P3	Resolved	Fixed	b07
JDK-8223973	11.0.4	Christoph Langer	P3	Resolved	Fixed	b04
JDK-8224102	openjdk8u222	Christoph Langer	P3	Resolved	Fixed	b03
JDK-8223974	8u231	Sean Coffey	P3	Resolved	Fixed	b01
JDK-8224903	8u221	Sean Coffey	P3	Resolved	Fixed	b07
JDK-8229683	emb-8u231	Sean Coffey	P3	Resolved	Fixed	b01
JDK-8227164	emb-8u221	Sean Coffey	P3	Resolved	Fixed	b07
JDK-8223975	7u241	Sean Coffey	P3	Resolved	Fixed	b01
JDK-8224929	7u231	Sean Coffey	P3	Resolved	Fixed	b07

The following root certificates (subject DNs below) are expiring on Jul 09 2019:

1. CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
2. CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
3. CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

The replacement root (for all 3) is "USERTrust RSA Certification Authority" (https://crt.sh/?id=1199354), which is already in the Java root store.

The first two roots can be safely removed after they expire. However, the 3rd root should be retained since there were many code signing certificates issued that chain back to this root and removing this root could break signed code that was also timestamped and is still in use. In this case, the root CA is still needed in order to properly verify the certificate chain.

backported by

JDK-8223972 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8223973 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8223974 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8223975 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8224102 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8224237 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8224903 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8224929 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8224938 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8227164 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8228201 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8228956 Remove two Comodo root CA certificates that are expiring

Resolved

JDK-8229683 Remove two Comodo root CA certificates that are expiring

Resolved

relates to

JDK-8222133 Add temporary exceptions for root certs that are due to expire soon

Resolved

(8 backported by, 1 relates to)

There are no Sub-Tasks for this issue.

Assignee:: Rajan Halade

Reporter:: Sean Mullan

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2019-04-08 10:40

Updated:: 2019-08-14 01:11

Resolved:: 2019-05-15 13:25

Details

Backports

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates