JDK-8325766 : Extend CertificateBuilder to create trust and end entity certificates programmatically
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8,23
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2024-02-13
  • Updated: 2025-11-06
  • Resolved: 2025-09-02
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 17 JDK 21 JDK 25 JDK 26
17.0.18-oracleFixed 21.0.10-oracleFixed 25.0.2Fixed 26 b14Fixed
Related Reports
Blocks :  
JDK-8353738 - Update TLS unit tests to not use certificates with MD5 signatures
Relates :  
JDK-8325096 - Test java/security/cert/CertPathBuilder/akiExt/AKISerialNumber.java is failing
Relates :  
JDK-8031674 - Update MD5 signed certificate to SHA-2 algorithm
Description
Few tests use hardcoded certificates. When these certificates expire, test fails. This bug is filed to update these test certificates to either be generated at run time or updated to have extended expiry date.

Finding tests can be achieved in two ways:

- Set system clock to future date and run tests as suggested by Sean C. This would cause krb tests to fail with clock skew error so those should be ignored.
- Other option would be to look for certificates in the test with grep (BEGIN etc.)
Comments
Fix request [17u] I backport this for parity with 17.0.18-oracle. No risk, only a test change. Clean backport from 21. Test passes. SAP nightly testing passed.
05-11-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk17u-dev/pull/4153 Date: 2025-11-04 11:07:34 +0000
04-11-2025
Fix request [21u] I backport this for parity with 21.0.10-oracle. No risk, only a test change Resolved and modified imports in CertificateBuilder. Test passes. SAP nightly testing passed.
25-10-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk21u-dev/pull/2377 Date: 2025-10-22 12:23:17 +0000
22-10-2025
[jdk25u-fix-request] Approval Request from Deepak Damodaran . Need to fix to achieve parity, Test change only, No risk.
02-10-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk25u/pull/263 Date: 2025-10-02 10:00:27 +0000
02-10-2025
Changeset: 31847149 Branch: master Author: Matthew Donovan <mdonovan@openjdk.org> Date: 2025-09-02 11:17:56 +0000 URL: https://git.openjdk.org/jdk/commit/31847149c1956b23c19a99309982660b4bbdd2d6
02-09-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/23700 Date: 2025-02-19 15:48:10 +0000
19-02-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/18958 Date: 2024-04-25 17:20:11 +0000
09-07-2024