Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8275252

Migrate cacerts from JKS to password-less PKCS12

XMLWordPrintable

      The cacerts file contains builtin root CA certs in OpenJDK. It's now in JKS format and there are 2 problems:

      1. JKS is an obsolete keystore type.
      2. It's protected by a weak and well-known password "changeit".

      We intend to migrate the file into a password-less PKCS12 file so that it can be continuously loaded with a null store password.

            weijun Weijun Wang
            weijun Weijun Wang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: