JDK-8249597 : JDK 7/8 keytool documentation needs updating
  • Type: Sub-task
  • Component: docs
  • Sub-Component: tools
  • Affected Version: 7u281,8u271
  • Priority: P4
  • Status: Resolved
  • Resolution: Delivered
  • Submitted: 2020-07-16
  • Updated: 2022-06-27
  • Resolved: 2020-09-25
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8
7u281Fixed 8u271Resolved
Related Reports
Relates :  
JDK-8249541 - keytool default cert fingerprint algorithm should be SHA-256
Relates :  
JDK-8249595 - Update keytool man page
Description
The JDK 7/8 docs for keytool need to be refreshed to indicate that MD5 is no longer printed as a certificate fingerprint. SHA-256 will also become the default fingerprint.
Comments
The later seems correct. See https://java.com/en/jre-jdk-cryptoroadmap.html also. SHA256withRSA changes implemented in 2017.
27-07-2020
There's an example in the documentation, with notes as follows: "It creates a self-signed certificate (using the default "SHA1withDSA" signature algorithm) that includes the public key and the distinguished name information" Please confirm that this is still correct. Otherwise, would the following be correct? "It creates a self-signed certificate (using the default "SHA256withRSA" signature algorithm) that includes the public key and the distinguished name information"
27-07-2020
There's an example in the documentation, with notes as follows: "It creates a self-signed certificate (using the default "SHA1withDSA" signature algorithm) that includes the public key and the distinguished name information" Please confirm that this is still correct. Otherwise, would the following be correct? "It creates a self-signed certificate (using the default "SHA256withRSA" signature algorithm) that includes the public key and the distinguished name information"
27-07-2020