JDK-8321408 : Add Certainly roots R1 and E1
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2023-12-05
  • Updated: 2024-03-27
  • Resolved: 2024-02-16
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 17 JDK 21 JDK 22 JDK 23 JDK 7 JDK 8 Other
11.0.23-oracleFixed 17.0.11-oracleFixed 21.0.3-oracleFixed 22.0.1Fixed 23 b11Fixed 7u421Fixed 8u411Fixed openjdk8u412Fixed
Sub Tasks
JDK-8325903 :  
Description
Subject of root Certificate: Certainly Root R1 

Fingerprint of root Certificate: 
SHA256: 77:B8:2C:D8:64:4C:43:05:F7:AC:C5:CB:15:6B:45:67:50:04:03:3D:51:C6:0C:62:02:A8:E0:C3:34:67:D3:A0
Root certificate: https://www.certainly.com/certificates/Certainly_Root_R1.pem

Type: only used for TLS, including mTLS - specifically, they anchor certificates containing servrAuth and clientAuth EKUs.

Test URLs:
Valid: https://valid.root-r1.certainly.com
Revoked: https://revoked.root-r1.certainly.com/
Expired: https://expired.root-r1.certainly.com 
http://crl.root-r1.certainly.com ; 
OCSP: http://ocsp.certainly.com

---------------------------------------------------

Subject of root Certificate: Certainly Root E1

Fingerprint of root Certificate: 
SHA256: B4:58:5F:22:E4:AC:75:6A:4E:86:12:A1:36:1C:5D:9D:03:1A:93:FD:84:FE:BB:77:8F:A3:06:8B:0F:C4:2D:C2

Root certificate: https://www.certainly.com/certificates/Certainly_Root_E1.pem

Type:  only used for TLS, including mTLS - specifically, they anchor certificates containing servrAuth and clientAuth EKUs.

Test URLs: 
Valid: https://valid.root-e1.certainly.com 
Revoked: https://revoked.root-e1.certainly.com/
Expired: https://expired.root-e1.certainly.com
http://crl.root-e1.certainly.com
OCSP: http://ocsp.certainly.com

Comments
[jdk8u-critical-request] Approval Request from Andrew Hughes Root certificate update with two new certificates. The same update is being made to later JDKs (11, 17, 21, 22) for April so it would be good to keep 8u in sync.
22-03-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk8u/pull/54 Date: 2024-03-22 03:21:27 +0000
22-03-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/2542 Date: 2024-02-22 15:37:38 +0000
23-02-2024

Fix request [11u] I backport this for parity with 11.0.23-oracle. One of the required updates of meta information. I had to resolve and adapt the tests. Tests pass. SAP nighlty testing passed.
23-02-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/2217 Date: 2024-02-21 17:01:51 +0000
21-02-2024

[jdk17u-fix-request] Approval Request from Aleksey Shipilëv Unclean backport to roll in two more root certificates and better parity. Relevant tests pass.
21-02-2024

[jdk21u-fix-request] Approval Request from Aleksey Shipilëv Clean backport to add two new root certificates and match 21.0.3-oracle.
21-02-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk21u-dev/pull/276 Date: 2024-02-21 10:48:46 +0000
21-02-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk22u/pull/56 Date: 2024-02-16 18:12:30 +0000
16-02-2024

[jdk22u-fix-request] Approval Request from Rajan Halade The fix is to add new root CA certificates. The patch applies cleanly and has good test coverage.
16-02-2024

Changeset: f3073db4 Author: Rajan Halade <rhalade@openjdk.org> Date: 2024-02-16 18:07:53 +0000 URL: https://git.openjdk.org/jdk/commit/f3073db42aa80b3ced47edea8d2e8add874fb70f
16-02-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/17880 Date: 2024-02-15 18:19:25 +0000
15-02-2024