JDK-8225099 : Tagging jdkCA certs in pkcs12 keystore differently
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P4
  • Status: Closed
  • Resolution: Won't Fix
  • Submitted: 2019-05-31
  • Updated: 2021-10-13
  • Resolved: 2021-10-13
Related Reports
Relates :  
JDK-8140422 - Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
Relates :  
JDK-8162628 - The CACERTS keystore type
Description
In JDK-8140422 we added the "[jdk]" suffix to the alias of a cacerts certificate entry to denote it's released with JDK. Now that we might migrate cacerts to pkcs12, we can try to find out if there is another way to do this, for example, using an attribue.
Comments
Continue using this convention for builtin root CAs in JDK.
13-10-2021