Details
-
Enhancement
-
Resolution: Fixed
-
P2
-
11
-
b27
-
Verified
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8209510 | 12 | Rajan Halade | P2 | Resolved | Fixed | b08 |
| JDK-8209718 | 11.0.2 | Rajan Halade | P2 | Resolved | Fixed | b01 |
| JDK-8209729 | 11.0.1 | Rajan Halade | P2 | Resolved | Fixed | b07 |
| JDK-8223846 | openjdk8u222 | Rajan Halade | P2 | Resolved | Fixed | b03 |
Description
OpenJDK should contain the same root certificates as commonly available on Linux distros, e.g. on Ubuntu in /etc/ssl/certs/java/cacerts
$ keytool -v -list -keystore /etc/ssl/certs/java/cacerts -storepass changeit | perl -ne 'print if /^Alias.*globalsign.*r[24]/ ... /^\*/'
Alias name: debian:globalsign_root_ca_-_r2.pem
Creation date: Apr 19, 2015
Entry type: trustedCertEntry
Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Serial number: 400000000010f8626e60d
Valid from: Fri Dec 15 00:00:00 PST 2006 until: Wed Dec 15 00:00:00 PST 2021
Certificate fingerprints:
MD5: 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30
SHA1: 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
SHA256: CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF ...Wg...j..Y..-.
0010: DC 19 86 2E ....
]
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.globalsign.net/root-r2.crl]
]]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF ...Wg...j..Y..-.
0010: DC 19 86 2E ....
]
]
*******************************************
Alias name: debian:globalsign_ecc_root_ca_-_r4.pem
Creation date: Feb 24, 2016
Entry type: trustedCertEntry
Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
Serial number: 2a38a41c960a04de42b228a50be8349802
Valid from: Mon Nov 12 16:00:00 PST 2012 until: Mon Jan 18 19:14:07 PST 2038
Certificate fingerprints:
MD5: 20:F0:27:68:D1:7E:A0:9D:0E:E6:2A:CA:DF:5C:89:8E
SHA1: 69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB
SHA256: BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C
Signature algorithm name: SHA256withECDSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 54 B0 7B AD 45 B8 E2 40 7F FB 0A 6E FB BE 33 C9 T...E..@...n..3.
0010: 3C A3 84 D5 <...
]
]
*******************************************
$ keytool -v -list -keystore /etc/ssl/certs/java/cacerts -storepass changeit | perl -ne 'print if /^Alias.*globalsign.*r[24]/ ... /^\*/'
Alias name: debian:globalsign_root_ca_-_r2.pem
Creation date: Apr 19, 2015
Entry type: trustedCertEntry
Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Serial number: 400000000010f8626e60d
Valid from: Fri Dec 15 00:00:00 PST 2006 until: Wed Dec 15 00:00:00 PST 2021
Certificate fingerprints:
MD5: 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30
SHA1: 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
SHA256: CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF ...Wg...j..Y..-.
0010: DC 19 86 2E ....
]
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.globalsign.net/root-r2.crl]
]]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF ...Wg...j..Y..-.
0010: DC 19 86 2E ....
]
]
*******************************************
Alias name: debian:globalsign_ecc_root_ca_-_r4.pem
Creation date: Feb 24, 2016
Entry type: trustedCertEntry
Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
Serial number: 2a38a41c960a04de42b228a50be8349802
Valid from: Mon Nov 12 16:00:00 PST 2012 until: Mon Jan 18 19:14:07 PST 2038
Certificate fingerprints:
MD5: 20:F0:27:68:D1:7E:A0:9D:0E:E6:2A:CA:DF:5C:89:8E
SHA1: 69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB
SHA256: BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C
Signature algorithm name: SHA256withECDSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 54 B0 7B AD 45 B8 E2 40 7F FB 0A 6E FB BE 33 C9 T...E..@...n..3.
0010: 3C A3 84 D5 <...
]
]
*******************************************
Attachments
Issue Links
- backported by
-
JDK-8209510 Add Google Trust Services GlobalSign root certificates
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- duplicates
-
JDK-8210002 JDK 11 fails to connect to www.googleapis.com
-
- Closed
-
- relates to
-
-
- Resolved
-
-
JDK-8191486 JEP 319: Root Certificates
-
- Closed
-
(2 relates to)