New JEP Draft: "Open-Source the Root Certificates"

Sean Mullan sean.mullan at
Wed Nov 22 13:23:05 UTC 2017

Please review a new JEP Draft titled "Open-Source the Root 
Certificates". The JDK source code currently contains an empty cacerts 
keystore, which prevents security components such as TLS from working 
out-of-the-box on OpenJDK builds.

The goal of this JEP is to provide a default set of root certificates in 
the JDK, in order to reduce the differences between the OpenJDK and 
Oracle JDK builds.


More information about the security-dev mailing list