JDK-8304556 : Add public API for generating self signed X.509 certificates
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 21
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • OS: generic
  • CPU: generic
  • Submitted: 2023-03-18
  • Updated: 2023-04-10
Related Reports
Relates :  
JDK-6539136 - Add KeyTool and JarSigner as JSR 199 Tools
Relates :  
JDK-8058778 - New APIs for creating certificates and certificate requests
Description
A DESCRIPTION OF THE PROBLEM :
The Java API internal can generate self signed certificates. This is possible via some deprecated packages. As this API is needed for the Java Keytool, it will not be removed in the future.

Self signed certificates are important for E2E connections without a server. Currently this is only possible via third party library. Add an API, for example in java.security.cert.CertificateFactory or a new class X509CertificateBuilder, that can generate self signed certificates.
Comments
Moved to JDK for further evaluations.
21-03-2023