Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8243559 Remove root certificates with 1024-bit keys
  3. JDK-8256902

Release Note: Removed Root Certificates with 1024-bit Keys

    XMLWordPrintable

Details

    • Sub-task
    • Status: Closed
    • P3
    • Resolution: Delivered
    • 7u311, 8u301, 11.0.12-oracle, 16
    • 16
    • security-libs
    •  

    Backports

      Description

        The following root certificates with weak 1024-bit RSA public keys have been removed from the `cacerts` keystore:
        ```
        + alias name "thawtepremiumserverca [jdk]"
          Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

        + alias name "verisignclass2g2ca [jdk]"
          Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

        + alias name "verisignclass3ca [jdk]"
          Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

        + alias name "verisignclass3g2ca [jdk]"
          Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

        + alias name "verisigntsaca [jdk]"
          Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

        ```

        Attachments

          Issue Links

            Activity

              People

                mullan Sean Mullan
                mullan Sean Mullan
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: