RFR: 8225068: Remove DocuSign root certificate that is expiring in May 2020

Sean Mullan sean.mullan at oracle.com
Thu Apr 30 21:29:57 UTC 2020


On 4/30/20 2:53 PM, Michael StJohns wrote:
> On 4/30/2020 2:11 PM, Rajan Halade wrote:
>> Please review this patch to remove Keynectis CA certificate from 
>> cacerts store.
>>
>> Webrev: http://cr.openjdk.java.net/~rhalade/8225068/webrev.00/
>>
>> Thanks,
>> Rajan
>>
> Hi -
> 
> There are three other certificates expiring a week after the one you're 
> removing - why aren't they going too?

One of those will be removed soon. See 
https://bugs.openjdk.java.net/browse/JDK-8225069

The other two have had code signing certificates that chain back to the 
roots. The roots need to remain in order to continue to support 
applications that have been previously signed and timestamped.

--Sean


More information about the security-dev mailing list