Bug ID: JDK-8341087 Change Entrust TLS distrust date to November 12, 2024

Type: CSR
Component: security-libs
Sub-Component: javax.net.ssl

Priority: P2
Status: Closed
Resolution: Approved
Fix Versions: 7-pool,8-pool,11-pool,17-pool,21-pool,23-pool,24

Submitted: 2024-09-27
Updated: 2024-09-27
Resolved: 2024-09-27

Summary
-------

Change the Entrust TLS server certificate distrust date from November 1 to November 12, 2024. See https://bugs.openjdk.org/browse/JDK-8337664 for details on the original distrust issue.

Problem
-------

Google has changed their distrust date for Entrust TLS server certificates from November 1 to November 12, 2024 [1]. Entrust has also changed the date they plan to use SSL.com as the issuing CA for public TLS server certificates to November 12 [2]. Accordingly, to align with those updated dates, we will change our distrust date to November 12, 2024.

[1] https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html
[2] https://www.entrust.com/tls-certificate-information-center

Solution
--------

Change the Entrust TLS server certificate distrust date from November 1 to November 12, 2024.

Specification
-------------

Change the distrust date in the java.security configuration file:
```
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index 9651ae2d373..e9af7cc108c 100644
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -1358,7 +1358,7 @@ jdk.sasl.disabledMechanisms=
 # Distrust after December 31, 2019.
 #
 # ENTRUST_TLS : Distrust TLS Server certificates anchored by
-# an Entrust root CA and issued after October 31, 2024.
+# an Entrust root CA and issued after November 11, 2024.
 #
 # Leading and trailing whitespace surrounding each value are ignored.
 # Unknown values are ignored. If the property is commented out or set to the 
```

Serving as reviewer and moving to Approved.

27-09-2024