JDK-8210432 : Add additional TeliaSonera root certificate
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 11,12
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2018-09-05
  • Updated: 2024-06-07
  • Resolved: 2018-09-06
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 12 JDK 7 JDK 8 Other
11.0.1Fixed 12 b11Fixed 7-poolResolved 8-poolResolved openjdk8u222Fixed
Related Reports
Relates :  
JDK-8322704 - TeliaSonera root CA v2 is missing in cacerts
Relates :  
JDK-8333640 - security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1 fails
Sub Tasks
JDK-8210436 :  
Release Note: Added Additional TeliaSonera Root Certificate - Closed
Description
Following TeliaSonera certificate needs to be added to cacerts.

Owner: CN=TeliaSonera Root CA v1, O=TeliaSonera
Serial number: 95be16a0f72e46f17b398272fa8bcd96
Comments
Replied on linked bug JDK-8333640
07-06-2024
We see for some days errors in the jtreg test security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1 . stdout says : ===================================================== CONFIGURATION ===================================================== http.proxyHost :null http.proxyPort :null https.proxyHost :null https.proxyPort :null https.socksProxyHost :null https.socksProxyPort :null jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage SignedJAR & denyAfter 2019-01-01 com.sun.security.enableCRLDP :false ocsp.enable :true ===================================================== ===== Validate https://juolukka.cover.sonera.net:10443===== Finding intermediate certificate issued by CA Checking: CN=cps.trust.telia.com Issuer: CN=Telia Domain Validation CA v3, O=Telia Finland Oyj, C=FI Checking: CN=Telia Domain Validation CA v3, O=Telia Finland Oyj, C=FI Issuer: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI Checking: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI Issuer: CN=TeliaSonera Root CA v1, O=TeliaSonera Found intermediate root CA: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI intermediate CA Issuer: CN=TeliaSonera Root CA v1, O=TeliaSonera Verified: Intermediate CA signed by test root CA ======> SUCCESS ===== Validate https://juolukka.cover.sonera.net:10444===== SSLHandshakeException: (certificate_revoked) PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: UNSPECIFIED, revocation date: Sat Jun 01 04:22:03 CEST 2024, authority: CN=Telia Domain Validation CA v3 OCSP responder, O=Telia Finland Oyj, C=FI, extension OIDs: [] Certificate is revoked Finding intermediate certificate issued by CA Checking: CN=cps.trust.telia.com Issuer: CN=Telia Domain Validation CA v3, O=Telia Finland Oyj, C=FI Checking: CN=Telia Domain Validation CA v3, O=Telia Finland Oyj, C=FI Issuer: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI Does it have to do with the revocation date: Sat Jun 01 04:22:03 CEST 2024, ?
05-06-2024
Fix Request: Backport to OpenJDK 8 will be resolved with push for JDK-8189131.
02-05-2019
URL: http://hg.openjdk.java.net/jdk/jdk/rev/0f921a6707d9 User: rhalade Date: 2018-09-06 04:06:20 +0000
06-09-2018