JDK-7109096 : keytool -genkeypair needn't call -selfcert
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 8
- Priority: P4
- Status: Closed
- Resolution: Fixed
- OS: generic
- CPU: generic
- Submitted: 2011-11-07
- Updated: 2014-08-05
- Resolved: 2011-11-29
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 7 | JDK 8 |
|---|---|
7u40Fixed  |
8 b15Fixed |
Related Reports
|
Relates :
|
Description
keytool uses CertAndKeyGen to generate a basic self-signed certificate with no extensions. When -ext option was introduced, -genkeypair was implemented as original -genkeypair plus -selfcert, and extensions info was added in the -selfcert step. This means the keystore object is modified twice in this single operation. In the case of PKCS11 or MSCAPI, it is actually written to the token twice. If a token can only be written once, the action will fail.
Comments
|