United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6904162 Add new VeriSign root CA certificates to JRE and remove some old/unused ones
JDK-6904162 : Add new VeriSign root CA certificates to JRE and remove some old/unused ones

Details
Type:
Enhancement
Submit Date:
2009-11-23
Status:
Resolved
Updated Date:
2010-05-09
Project Name:
JDK
Resolved Date:
2009-12-23
Component:
security-libs
OS:
solaris_9,generic
Sub-Component:
java.security
CPU:
sparc,generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
6,7
Fixed Versions:
6u19 (b01)

Related Reports
Backport:
Backport:
Backport:
Backport:
Duplicate:
Relates:
Relates:

Sub Tasks

Description
We need to add a number of new VeriSign root CA certificates to the JRE in order to support extended validation certificates and other recent certificates that VeriSign has or will begin issuing under these new roots. There are also a few root certificates that we can remove because they were never put in production or are no longer applicable. Also some of the new root certificates will replace existing certificates and have stronger digest algorithms (SHA-1 instead of MD5).

                                    

Comments
EVALUATION

For JRE 6, the following new aliases were added to the cacerts file:

verisignuniversalrootca
verisignclass3g5ca
thawteprimaryrootca
geotrustprimaryca
geotrustprimarycag3
thawteprimaryrootcag3
geotrustuniversalca 

The following aliases were removed because their root certs are not applicable or were never put into production:

thawtepersonalbasicca
thawtepersonalpremiumca
verisignclass2ca

The following aliases were replaced with certificates signed with stronger (SHA1withRSA instead of MD*withRSA) algorithms:

thawtepersonalfreemailca
thawtepremiumserverca
thawteserverca
verisignclass1ca
verisignclass3ca
                                     
2009-12-02
EVALUATION

"equifaxsecureebusinessca2" was also removed as it is no longer used.
                                     
2010-04-27



Hardware and Software, Engineered to Work Together