JDK-8223499 : Remove two DocuSign root certificates that are expiring
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7-pool,8-pool,11-pool,12-pool,13
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2019-05-07
  • Updated: 2019-08-14
  • Resolved: 2019-05-16
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 12 JDK 13 JDK 7 JDK 8 Other
11.0.4-oracleFixed 12.0.2Fixed 13 b22Fixed 7u231Fixed 8u221Fixed openjdk8u222Fixed
Related Reports
Duplicate :  
Sub Tasks
JDK-8224004 :  
The following root certificates (subject DNs below) are expiring on Sat Jul 06 16:59:59 PDT 2019:

1. CN=Class 2 Primary CA, O=Certplus, C=FR
2. CN=Class 3P Primary CA, O=Certplus, C=FR

Technically we're past the point of taking in non-critical fixes, but I'm making an exception for expiring cert removal.

JDK 12u Fix Request: Removal of expiring certificates

Fix Request: This update for OpenJDK's root certificates has to be brought down to jdk8 and jdk11 updates. Patch applies cleanly.

Following are corresponding alias in cacerts file 1. "certplusclass2primaryca [jdk]" : "CN=Class 2 Primary CA, O=Certplus, C=FR" 2. "certplusclass3pprimaryca [jdk]" : "CN=Class 3P Primary CA, O=Certplus, C=FR" This fix will remove these two roots from cacerts file.