JDK-8191031 : Remove several Symantec Root CAs
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2017-11-09
  • Updated: 2019-05-17
  • Resolved: 2018-05-31
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 6 JDK 7 JDK 8 Other
11 b17Fixed 6u211Fixed 7u201Fixed 8u191Fixed openjdk8u222Fixed
Related Reports
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8204102 :  
Symantec has informed us that we should remove several roots from the JDK as they have 1024-bit keys and/or are no longer in use. The cacerts aliases are:  equifaxsecureglobalebusinessca1, equifaxsecureebusinessca1, 
verisignclass2g2ca, verisignclass1g3ca, verisignclass2g3ca, verisignclass1g2ca, and verisignclass1ca

See comments for more details.

We should also remove equifaxsecureca. See comment from 2018-05-30 for more details.
Fix Request: Backport to OpenJDK 8 will be resolved with push for JDK-8189131.