Bug ID: JDK-8325766 Extend CertificateBuilder to create trust and end entity certificates programmatically

JDK-8325766 : Extend CertificateBuilder to create trust and end entity certificates programmatically

Type: Enhancement
Component: security-libs
Sub-Component: java.security
Affected Version: 8,23

Priority: P4
Status: Resolved
Resolution: Fixed

Submitted: 2024-02-13
Updated: 2025-09-08
Resolved: 2025-09-02

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 26
26 b14Fixed

Related Reports

Blocks :	JDK-8353738 - Update TLS unit tests to not use certificates with MD5 signatures
Relates :	JDK-8325096 - Test java/security/cert/CertPathBuilder/akiExt/AKISerialNumber.java is failing
Relates :	JDK-8031674 - Update MD5 signed certificate to SHA-2 algorithm

Description

Few tests use hardcoded certificates. When these certificates expire, test fails. This bug is filed to update these test certificates to either be generated at run time or updated to have extended expiry date.

Finding tests can be achieved in two ways:

- Set system clock to future date and run tests as suggested by Sean C. This would cause krb tests to fail with clock skew error so those should be ignored.
- Other option would be to look for certificates in the test with grep (BEGIN etc.)

Comments

Changeset: 31847149 Branch: master Author: Matthew Donovan <mdonovan@openjdk.org> Date: 2025-09-02 11:17:56 +0000 URL: https://git.openjdk.org/jdk/commit/31847149c1956b23c19a99309982660b4bbdd2d6

02-09-2025

A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/23700 Date: 2025-02-19 15:48:10 +0000

19-02-2025

A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/18958 Date: 2024-04-25 17:20:11 +0000

09-07-2024