JDK-8141457 : keytool default cert fingerprint algorithm should be SHA-256
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 9
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2015-11-04
  • Updated: 2022-05-27
  • Resolved: 2015-12-02
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8 JDK 9 Other
7u281Fixed 8u271Fixed 9 b96Fixed openjdk8u292Fixed
Related Reports
Blocks :  
Duplicate :  
Relates :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8249595 :  
JDK-8249597 :  
Description
The default fingerprint for certificates printed by keytool should be changed to SHA-256. This should be changed for JDK 9. It is probably not necessary to backport to prior releases, as the SHA-256 fingerprint is also printed if you specify the -v option.

Also, the MD5 fingerprint should be removed (shown when the -v option is specified).
Comments
CSR for JDK 8: https://bugs.openjdk.java.net/browse/JDK-8249541
02-12-2020

Fix Request (8u) I would like to backport this patch to 8u for parity with Oracle 8u270. The 8u patch has been reviewed and approved by @phh
25-11-2020

8u review approval: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-November/013103.html
25-11-2020

8u code review: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-July/012205.html
16-09-2020

URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/97b25277c28f User: lana Date: 2015-12-10 00:27:01 +0000
10-12-2015

URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/97b25277c28f User: weijun Date: 2015-12-02 08:45:56 +0000
02-12-2015