JDK-8243493 : Tools shouldn't warn for weak algorithms in cacerts
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 15
  • Priority: P3
  • Status: Closed
  • Resolution: Won't Fix
  • Submitted: 2020-04-23
  • Updated: 2020-10-26
  • Resolved: 2020-06-17
Description
We get the following warning while listing cacerts file entries. This will cause more questions to be raised for us to answer. For instance, "if cacerts have weaker keys then when will they be updated".

<thawtepremiumserverca [jdk]> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update

As far as I understand, disabling 1024 keys will not affect CA certificates. Should we have skipped the cacerts keystore?
Not sure if we will disable other truststores from having weaker algorithms. If we won't disable them, then these warnings should be skipped for all truststores.