-
Type:
Enhancement
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: None
-
Component/s: security-libs
-
b20
The cacerts file contains builtin root CA certs in OpenJDK. It's now in JKS format and there are 2 problems:
1. JKS is an obsolete keystore type.
2. It's protected by a weak and well-known password "changeit".
We intend to migrate the file into a password-less PKCS12 file so that it can be continuously loaded with a null store password.
1. JKS is an obsolete keystore type.
2. It's protected by a weak and well-known password "changeit".
We intend to migrate the file into a password-less PKCS12 file so that it can be continuously loaded with a null store password.
- csr for
-
JDK-8275253 Migrate cacerts from JKS to password-less PKCS12
-
- Closed
-
- relates to
-
JDK-8329950 Update the store type created in TrustStoreDescriptor.createInstance
-
- Open
-
-
-
- In Progress
-
