Bug ID: JDK-8321408 Add Certainly roots R1 and E1

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 11	JDK 17	JDK 21	JDK 22	JDK 23	JDK 7	JDK 8	Other
11.0.23-oracleFixed	17.0.11-oracleFixed	21.0.3-oracleFixed	22.0.1Fixed	23 b11Fixed	7u421Fixed	8u411Fixed	openjdk8u412Fixed

Subject of root Certificate: Certainly Root R1 

Fingerprint of root Certificate: 
SHA256: 77:B8:2C:D8:64:4C:43:05:F7:AC:C5:CB:15:6B:45:67:50:04:03:3D:51:C6:0C:62:02:A8:E0:C3:34:67:D3:A0
Root certificate: https://www.certainly.com/certificates/Certainly_Root_R1.pem

Type: only used for TLS, including mTLS - specifically, they anchor certificates containing servrAuth and clientAuth EKUs.

Test URLs:
Valid: https://valid.root-r1.certainly.com
Revoked: https://revoked.root-r1.certainly.com/
Expired: https://expired.root-r1.certainly.com 
http://crl.root-r1.certainly.com ; 
OCSP: http://ocsp.certainly.com

---------------------------------------------------

Subject of root Certificate: Certainly Root E1

Fingerprint of root Certificate: 
SHA256: B4:58:5F:22:E4:AC:75:6A:4E:86:12:A1:36:1C:5D:9D:03:1A:93:FD:84:FE:BB:77:8F:A3:06:8B:0F:C4:2D:C2

Root certificate: https://www.certainly.com/certificates/Certainly_Root_E1.pem

Type:  only used for TLS, including mTLS - specifically, they anchor certificates containing servrAuth and clientAuth EKUs.

Test URLs: 
Valid: https://valid.root-e1.certainly.com 
Revoked: https://revoked.root-e1.certainly.com/
Expired: https://expired.root-e1.certainly.com
http://crl.root-e1.certainly.com
OCSP: http://ocsp.certainly.com

[jdk8u-critical-request] Approval Request from Andrew Hughes Root certificate update with two new certificates. The same update is being made to later JDKs (11, 17, 21, 22) for April so it would be good to keep 8u in sync.
22-03-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk8u/pull/54 Date: 2024-03-22 03:21:27 +0000
22-03-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/2542 Date: 2024-02-22 15:37:38 +0000
23-02-2024
Fix request [11u] I backport this for parity with 11.0.23-oracle. One of the required updates of meta information. I had to resolve and adapt the tests. Tests pass. SAP nighlty testing passed.
23-02-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/2217 Date: 2024-02-21 17:01:51 +0000
21-02-2024
[jdk17u-fix-request] Approval Request from Aleksey Shipilëv Unclean backport to roll in two more root certificates and better parity. Relevant tests pass.
21-02-2024
[jdk21u-fix-request] Approval Request from Aleksey Shipilëv Clean backport to add two new root certificates and match 21.0.3-oracle.
21-02-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk21u-dev/pull/276 Date: 2024-02-21 10:48:46 +0000
21-02-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk22u/pull/56 Date: 2024-02-16 18:12:30 +0000
16-02-2024
[jdk22u-fix-request] Approval Request from Rajan Halade The fix is to add new root CA certificates. The patch applies cleanly and has good test coverage.
16-02-2024
Changeset: f3073db4 Author: Rajan Halade <rhalade@openjdk.org> Date: 2024-02-16 18:07:53 +0000 URL: https://git.openjdk.org/jdk/commit/f3073db42aa80b3ced47edea8d2e8add874fb70f
16-02-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/17880 Date: 2024-02-15 18:19:25 +0000
15-02-2024