JDK-8195774 : Add Entrust root certificates
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 11
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2018-01-19
  • Updated: 2019-05-14
  • Resolved: 2018-06-28
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 12 Other
11Fixed 12 b01Fixed openjdk8u222Fixed
Related Reports
Relates :  
Sub Tasks
JDK-8205949 :  
The following Entrust roots (identified by the keystore alias) should be added to the cacerts keystore in OpenJDK now that the proper agreements are in place: entrustrootcaec1, entrust2048ca, entrustrootcag2, entrustevca, affirmtrustnetworkingca, affirmtrustpremiumca, affirmtrustcommercialca, affirmtrustpremiumeccca
Fix Request: Backport to OpenJDK 8 will be resolved with push for JDK-8189131.

Entrust is among the leaders in CA marketshare. Adding these now will eliminate the risk that TLS certs issued by these CAs won���t work out-of-the-box on OpenJDK 11 binaries.

Late Enhancement Request: Justification: This fix is required to add CA to OpenJDK cacerts file. Oracle JDK had these CAs included so the risk is minimal. Estimate: The fix is ready in JDK 12.