Bug ID: JDK-8275254 Release Note: Migrate cacerts From JKS to Password-Less PKCS12

JDK-8275254 : Release Note: Migrate cacerts From JKS to Password-Less PKCS12

Type: Sub-task
Component: security-libs
Sub-Component: java.security
Affected Version: 18

Priority: P4
Status: Closed
Resolution: Delivered

Submitted: 2021-10-14
Updated: 2022-03-24
Resolved: 2022-03-24

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 18
18Resolved

Description

The `cacerts` keystore file is now a password-less PKCS #12 file. All certificates inside are not encrypted and there is no MacData for password integrity. Since the PKCS12 and JKS keystore types are interoperable, existing code that uses a JKS `KeyStore` to load the `cacerts` file with any password (including null) continue to behave as expected and can view or extract the certificates contained within the keystore.