JDK-8193890 : Release Note: JEP 319 Root Certificates
- Type: Sub-task
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 9.0.4,10
- Priority: P2
- Status: Closed
- Resolution: Delivered
- Submitted: 2017-12-20
- Updated: 2019-04-09
- Resolved: 2018-10-18
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 10 | JDK 9 |
|---|---|
10Resolved  |
9.0.4Resolved |
Description
Provides a default set of root Certification Authority (CA) certificates in the JDK. The `cacerts` keystore of the OpenJDK 9 binary for Linux x64 has been populated by [JEP 319: Root Certificates](http://openjdk.java.net/jeps/319) [1] with a set of root certificates issued by the CAs of Oracle's Java SE Root CA Program. This addresses the problem of the empty `cacerts` keystore in the OpenJDK 9 binary for Linux x64. The empty `cacerts` keystore had prevented TLS connections from being established because Trusted Root Certificate Authorities were not installed. As a workaround for OpenJDK 9 binaries, users had to set the `javax.net.ssl.trustStore` System Property to use a different keystore. [1] https://bugs.java.com/view_bug.do?bug_id=JDK-8191486