JDK-8032835 : Security Dialogs should display OU/O field for Publisher if CN field is empty
  • Type: Enhancement
  • Component: deploy
  • Sub-Component: plugin
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2014-01-27
  • Updated: 2015-10-07
  • Resolved: 2014-08-26
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u40 b06Fixed 9Fixed
Description
The CN component of the subject field of a certificate is used as the Publisher name in a security dialog. If the CN field is missing, "Unknown" will be displayed, which is not user-friendly. Also there are additional components in the distinguished name that can be used to identify the certificate's subject.

If the CN field is empty, I think we should display the OU field (and maybe the O field as well).

This is likely to become a more common scenario. The CA/Browser Forum has made a recommendation discouraging the use of the CN field in section 9.2.2 of the baseline requirements v1.1.6 and 9.2.3 of the EV Code Signing Guidelines:

https://cabforum.org/Baseline_Requirements_V1.pdf���
https://cabforum.org/wp-content/uploads/EV_Code_Signing_Guidelines_v1_1.pdf