JDK-8194693 : jdk considers one of its own root certificates insufficiently secure
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Closed
  • Resolution: Not an Issue
  • Submitted: 2018-01-06
  • Updated: 2018-01-19
  • Resolved: 2018-01-09
Related Reports
Relates :  
JDK-8195793 - Remove GTE CyberTrust Global Root
Relates :  
JDK-8189131 - Open-source the Oracle JDK Root Certificates
Description
One of the root certificates in the cacerts file doesn't pass the jdk's own security tests:

~/jdk/jdk11/bin/keytool -importkeystore -srckeystore src/java.base/share/lib/security/cacerts -srcstorepass changeit -destkeystore /tmp/t1.jks -deststorepass changeit 

...
Import command completed:  80 entries successfully imported, 0 entries failed or cancelled

Warning:
<gtecybertrustglobalca [jdk]> uses the MD5withRSA signature algorithm which is considered a security risk.
Comments
Thanks, Weijun, that's starting to make sense to me. One of the reasons we ordinary users might be confused is because we're thinking of "keystore conversion" where the old and new data is of equal value, but you security experts are probably thinking of the target keystore as a valuable property that must be carefully guarded.
09-01-2018
Martin, keytool will not show this warning on an existing trusted cert. Precisely: 1) "keytool -importcert -trustcacerts" if the new cert chains to a root CA cert using a weak alg 2) if the cert using a weak alg is a TrustedCertificateEntry already in the current working keystore In your case, you are importing certs from one keystore to another, so the cert using MD5withRSA is still not in the current working keystore (i.e. destkeystore) yet and considered a "new" cert. I think a warning is reasonable here because new certs should not use that algorithm anymore. After the import, the cert becomes "old" and you will see "keytool -list" does not show the warning anymore.
09-01-2018
Thanks, Sean. Feel free to close this as Working as Intended. I would probably drop such certs more aggressively, if only to prevent Fear and Uncertainty.
08-01-2018
The "gtecybertrustglobalca [jdk]" certificate is due to expire soon and be removed. However, the signature of root certificates bundled with the JDK is not critical to security. The fingerprints of root certificates are manually checked before they are added to the JDK. Once in the JDK, the keys are trusted by default by being part of the installed JDK, and the signature algorithm doesn't matter. But one should still make that trust decision on their own; hence the warning.
08-01-2018