JDK-8225068 : Remove DocuSign root certificate that is expiring in May 2020
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7,8,11,14,15
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-05-30
  • Updated: 2022-06-27
  • Resolved: 2020-04-30
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 14 JDK 15 JDK 7 JDK 8 Other
11.0.8-oracleFixed 13.0.4Fixed 14.0.2Fixed 15 b22Fixed 7u281Fixed 8u271Fixed openjdk8u262Fixed
Sub Tasks
JDK-8225128 :  
JDK-8244166 :  
Description
The following DocuSign root certificate is expiring in May 2020 and needs action.

CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

EXPIRATION DATE:   5/25/2020

Please ensure not to remove the certificate before the expiration date.
Comments
Fix Request [8u262]: Patch backports cleanly after path shuffling. Patched test fails with certificate present, passes once removed
16-06-2020

Fix request (13u) Requesting backport to 13u for parity with 11u, applies cleanly.
10-06-2020

jdk11 backport request I would like to have the patch in OpenJDK11 as well, because the issue is present there too. The patch applies cleanly.
20-05-2020

Fix Request (14u): Requesting backport of this fix to 14.0.2. The change is to remove expiring root certificate from cacerts file. Patch applies cleanly and has associated test with it for verification.
12-05-2020

URL: https://hg.openjdk.java.net/jdk/jdk/rev/fe6548dc92de User: rhalade Date: 2020-04-30 22:22:12 +0000
30-04-2020