- CSR
- Resolution: Approved
- P2
- None
- behavioral
- minimal
- This change is being done in the same release, so compatibility impact should be minimal.
- System or security property
- JDK
Summary
Change the Entrust TLS server certificate distrust date from November 1 to November 12, 2024. See https://bugs.openjdk.org/browse/JDK-8337664 for details on the original distrust issue.
Problem
Google has changed their distrust date for Entrust TLS server certificates from November 1 to November 12, 2024 [1]. Entrust has also changed the date they plan to use SSL.com as the issuing CA for public TLS server certificates to November 12 [2]. Accordingly, to align with those updated dates, we will change our distrust date to November 12, 2024.
[1] https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html
[2] https://www.entrust.com/tls-certificate-information-center
Solution
Change the Entrust TLS server certificate distrust date from November 1 to November 12, 2024.
Specification
Change the distrust date in the java.security configuration file:
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index 9651ae2d373..e9af7cc108c 100644
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -1358,7 +1358,7 @@ jdk.sasl.disabledMechanisms=
# Distrust after December 31, 2019.
#
# ENTRUST_TLS : Distrust TLS Server certificates anchored by
-# an Entrust root CA and issued after October 31, 2024.
+# an Entrust root CA and issued after November 11, 2024.
#
# Leading and trailing whitespace surrounding each value are ignored.
# Unknown values are ignored. If the property is commented out or set to the
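Review bot: Both changed lines in this hunk are `#` comment lines under the ENTRUST_TLS entry, so the hunk by itself only updates the documentation of the cutoff. Confirm that the date actually enforced by the distrust check is updated in the same change, otherwise the java.security text and the runtime behaviour will disagree. The wording "issued after November 11, 2024" also leaves the boundary implicit. Consider stating the time zone used for the comparison, so the comment reads unambiguously against the "November 12, 2024" distrust date given in the Summary.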
- csr of JDK-8341059 Change Entrust TLS distrust date to November 12, 2024: Resolved