JDK-6520740 : cacerts contains an expired certificate
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2007-02-02
  • Updated: 2010-04-03
  • Resolved: 2007-02-02
Related Reports
Duplicate :  
JDK-6321453 - Remove GTE CyberTrust root CA cert after it expires
Description
Scenario:  Use keytool to list the contents of <JAVA_HOME>/jre/lib/security/cacerts and check if any certificates have expired

Expected Outcome: No certificate should be expired.

Actual Outcome: One certificate has expired. Details are below:

Alias name: gtecybertrustca
Creation date: 10-May-2002
Entry type: trustedCertEntry

Owner: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Serial number: 1a3
Valid from: Sat Feb 24 04:31:00 IST 1996 until: Fri Feb 24 05:29:00 IST 2006
Certificate fingerprints:
	 MD5:  C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
	 SHA1: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
	 Signature algorithm name: MD5withRSA
	 Version: 1

Steps to reproduce:

1. Install the above specified java build and set PATH to java executable

2. Execute the below command:
   >>keytool -list -v -keystore <JAVA_HOME>/jre/lib/security/cacerts -storepass changeit > cacerts.txt 2>&1

cacerts.txt indicates that the aforementioned certificate is expired.
Comments
WORK AROUND None.
02-02-2007