JDK-8256902 : Release Note: Removed Root Certificates with 1024-bit Keys
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7u311,8u301,11.0.12-oracle,16
  • Priority: P3
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2020-11-23
  • Updated: 2021-12-03
  • Resolved: 2021-12-03
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 7 JDK 8
11.0.12-oracleResolved 7u311Resolved 8u301Resolved
Description
The following root certificates with weak 1024-bit RSA public keys have been removed from the `cacerts` keystore:
```
+ alias name "thawtepremiumserverca [jdk]"
  Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

+ alias name "verisignclass2g2ca [jdk]"
  Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

+ alias name "verisignclass3ca [jdk]"
  Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

+ alias name "verisignclass3g2ca [jdk]"
  Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

+ alias name "verisigntsaca [jdk]"
  Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

```
Comments
Additional RN content for 7u311 and 8u301 backports is provided in JDK-8270384 and JDK-8270385.
14-07-2021