JDK-8341057 : Add 2 SSL.com TLS roots
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2024-09-26
  • Updated: 2025-06-29
  • Resolved: 2024-09-27
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 17 JDK 21 JDK 23 JDK 24 JDK 7 JDK 8 Other
11.0.25-oracleFixed 17.0.13-oracleFixed 21.0.5-oracleFixed 23.0.1Fixed 24 b18Fixed 7u441Fixed 8u431Fixed openjdk8u442,shenandoah8u432Fixed
Sub Tasks
JDK-8341062 :  
Release Note: Added SSL.com TLS Root CA Certificates Issued in 2022 - Resolved
Description
Subject of root Certificate: SSL.com TLS ECC Root CA 2022
Fingerprint of root Certificate: SHA256: C3:2F:FD:9F:46:F9:36:D1:6C:36:73:99:09:59:43:4B:9A:D6:0A:AF:BB:9E:7C:F3:36:54:F1:44:CC:1B:A1:43
Root certificate: Attached / Downloaded at https://ssl.com/repo/certs/SSLcom-TLS-Root-2022-ECC.pem
Type: TLS
Test URLs:
https://test-root-2022-ecc.ssl.com/
http://ocsps.ssl.com/
http://crls.ssl.com/SSLcom-TLS-Root-2022-ECC.crl
Valid: https://test-root-2022-ecc.ssl.com/
Revoked: https://revoked-root-2022-ecc.ssl.com/
Expired: https://expired-root-2022-ecc.ssl.com/


Subject of root Certificate: SSL.com TLS RSA Root CA 2022
Fingerprint of root Certificate: SHA256: 8F:AF:7D:2E:2C:B4:70:9B:B8:E0:B3:36:66:BF:75:A5:DD:45:B5:DE:48:0F:8E:A8:D4:BF:E6:BE:BC:17:F2:ED
Root certificate: Attached / Downloaded at https://ssl.com/repo/certs/SSLcom-TLS-Root-2022-RSA.pem
Type: TLS
Test URLs:
https://test-root-2022-rsa.ssl.com/
http://ocsps.ssl.com/
http://crls.ssl.com/SSLcom-TLS-Root-2022-RSA.crl
Valid: https://test-root-2022-rsa.ssl.com/
Revoked: https://revoked-root-2022-rsa.ssl.com/
Expired: https://expired-root-2022-rsa.ssl.com/
Comments
[jdk8u-fix-request] Approval Request from Andrew Hughes New SSL.com TLS roots are necessary as they will be the issuing CA used by Entrust going forward (see JDK-8341087) Patch was not clean but was reviewed by Severin Gehwolf.
03-10-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk8u-dev/pull/589 Date: 2024-10-02 01:42:21 +0000
02-10-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk21u/pull/455 Date: 2024-10-01 06:17:38 +0000
01-10-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk11u/pull/99 Date: 2024-10-01 06:13:24 +0000
01-10-2024
Critical request [21u,17u,11u] I backport this for parity with *-oracle. One of the required updates of meta information. 21: Clean backport. 17: I had to move the certs to another location. Also, in VerifyCACerts I had to adapt the checksum. 11: Almost clean from 17, adapt tests to old Java syntax. The CAInterop test for the new certs and VerifyCACerts passes. SAP nightly testing passed.
01-10-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk17u/pull/401 Date: 2024-10-01 06:08:51 +0000
01-10-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk23u/pull/127 Date: 2024-09-27 17:00:20 +0000
27-09-2024
Changeset: 824a297a Branch: master Author: Rajan Halade <rhalade@openjdk.org> Date: 2024-09-27 16:57:02 +0000 URL: https://git.openjdk.org/jdk/commit/824a297aae15ba16cf6d7aded4b95fc9d6bf55e5
27-09-2024
[jdk23u-fix-request] Approval Request from Rajan Halade The fix is to add new root CA certificates. The patch applies cleanly and has good test coverage.
27-09-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/21212 Date: 2024-09-26 21:34:56 +0000
27-09-2024