Summary
-------
Remove root certificates with 1024-bit RSA public keys from the `cacerts` keystore.

Problem
-------
There are 5 root certificates with 1024-bit RSA public keys in the system-wide `cacerts` keystore. These roots should be removed as the key size is weak.

Solution
--------
Remove the following root certificates (keystore alias and Distinguished Name shown below) from the `cacerts` keystore:

1. thawtepremiumserverca [jdk]
   EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
2. verisignclass2g2ca [jdk]
   OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
3. verisignclass3ca [jdk]
   OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
4. verisignclass3g2ca [jdk]
   OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
5. verisigntsaca [jdk]
   CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

Specification
-------------
The keystore aliases listed in the Solution section will be removed from the `{java.home}/lib/security/cacerts` file. Since this file is binary, it is not possible to show a diff. The following files containing the certificates will be deleted from the JDK source code:
* make/data/cacerts/thawtepremiumserverca
* make/data/cacerts/verisignclass2g2ca
* make/data/cacerts/verisignclass3ca
* make/data/cacerts/verisignclass3g2ca
* make/data/cacerts/verisigntsaca
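
To check a keystore for the condition described in the Problem section, the following added example (not part of the JDK change or its source) parses `keytool -list -v` output and reports RSA entries at or below a key-size limit. The function names, the two `example…` aliases and the embedded sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list RSA entries at or below a key-size limit by parsing
# `keytool -list -v` output on stdin.
# Prints: alias<TAB>bits<TAB>owner DN, one line per flagged certificate.
weak_rsa_roots() {
    awk -v max="${1:-1024}" '
        /^Alias name: / { alias = substr($0, 13) }
        /^Owner: /      { owner = substr($0, 8) }
        /^Subject Public Key Algorithm: [0-9]+-bit RSA key/ {
            bits = $5
            sub(/-bit$/, "", bits)
            # Numeric compare; EC and DSA entries never reach this rule.
            if (bits + 0 <= max + 0)
                printf "%s\t%s\t%s\n", alias, bits, owner
        }'
}

# Constructed sample, trimmed to the fields the parser reads. The first entry
# uses an alias and DN from the list above; the other two are hypothetical.
sample_keytool_output() {
    cat <<'EOF'
Alias name: verisignclass3ca [jdk]
Entry type: trustedCertEntry

Owner: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Subject Public Key Algorithm: 1024-bit RSA key

Alias name: examplersaroot [jdk]
Entry type: trustedCertEntry

Owner: CN=Example RSA Root (constructed), O=Example, C=US
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: exampleecroot [jdk]
Entry type: trustedCertEntry

Owner: CN=Example EC Root (constructed), O=Example, C=US
Subject Public Key Algorithm: 256-bit EC key
EOF
}

# Against a real JDK (9 or later; "changeit" is the default cacerts password):
#   keytool -list -v -cacerts -storepass changeit | weak_rsa_roots 1024
sample_keytool_output | weak_rsa_roots 1024
```

The match is restricted to RSA because a 256-bit EC key would otherwise fall under the 1024-bit limit and be reported as weak.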