JDK-8222137 : Remove T-Systems root CA certificate
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7-pool,8-pool,11-pool,12-pool,13
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2019-04-08
  • Updated: 2019-08-14
  • Resolved: 2019-05-01
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 12 JDK 13 JDK 7 JDK 8 Other
11.0.4-oracleFixed 12.0.2Fixed 13 b19Fixed 7u231Fixed 8u221Fixed openjdk8u222Fixed
Related Reports
Relates :  
JDK-8222133 - Add temporary exceptions for root certs that are due to expire soon
Sub Tasks
JDK-8223161 :  
Release Note: Removal of T-Systems Deutsche Telekom Root CA 2 Certificate - Closed
Description
The following root certificate (subject DN below) is expiring on Jul 09 2019 and should be removed: 

CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
Comments
Fix Request: remove expiring certificate from cacerts
02-05-2019
Fix Request: This certificate update should be brought to jdk11u as well. Patch applies cleanly. Risk is low. Backport to OpenJDK 8 will be resolved with push for JDK-8189131.
02-05-2019
The corresponding alias in cacerts file is: "deutschetelekomrootca2 [jdk]" with fingerprint: SHA256: B6:19:1A:50:D0:C3:97:7F:7D:A9:9B:CD:AA:C8:6A:22:7D:AE:B9:67:9E:C7:0B:A3:B0:C9:D9:22:71:C1:70:D3
30-04-2019