JDK-8225071 : Remove two Digicert root certificates that are expiring in January 2021
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Duplicate
  • Submitted: 2019-05-30
  • Updated: 2023-12-12
  • Resolved: 2020-11-09
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 16
16Resolved
Related Reports
Duplicate :  
JDK-8243559 - Remove root certificates with 1024-bit keys
Sub Tasks
JDK-8239105 :  
Add exception for expiring Digicert root certificates to VerifyCACerts test - Resolved
Description
The following two Digicert roots are expiring in Jan 2021 and needs action -

CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

EXPIRATION DATE FOR BOTH CERTS:  1/1/2021

Please ensure not to remove the certs before the expiration date.
Comments
Following are the cacert alias for these roots: "thawtepremiumserverca [jdk]" ==> EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA "verisigntsaca [jdk]" ==> CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
02-10-2020