JDK-8222133 : Add temporary exceptions for root certs that are due to expire soon
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-04-08
  • Updated: 2019-08-14
  • Resolved: 2019-04-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 12 JDK 13 JDK 7 JDK 8 Other
11.0.4-oracleFixed 12.0.2Fixed 13 b16Fixed 7u231Fixed 8u221Fixed openjdk8u222Fixed
Related Reports
Relates :  
JDK-8222137 - Remove T-Systems root CA certificate
Relates :  
JDK-8222136 - Remove two Comodo root CA certificates that are expiring
Description
1. Alias name: utnuserfirstobjectca [jdk]
Valid from: Fri Jul 09 14:31:20 EDT 1999 until: Tue Jul 09 14:40:36 EDT 2019

2. Alias name: deutschetelekomrootca2 [jdk]
Valid from: Fri Jul 09 08:11:00 EDT 1999 until: Tue Jul 09 19:59:00 EDT 2019

3. Alias name: utnuserfirstclientauthemailca [jdk]
Valid from: Fri Jul 09 13:28:50 EDT 1999 until: Tue Jul 09 13:36:58 EDT 2019

4. Alias name: utnuserfirsthardwareca [jdk]
Valid from: Fri Jul 09 14:10:42 EDT 1999 until: Tue Jul 09 14:19:22 EDT 2019
Comments
Fix Request The same as for jdk12u goes for jdk11u. The patch applies cleanly.
12-04-2019
Fix Request Requesting approval to backport this test-only fix to 12u. The test is going to fail due to 4 root certs that are soon to expire within 90 days. The test has been modified to temporarily allow these roots to pass the test until we can remove or replace them. Patch applies cleanly.
09-04-2019