RFR: 8225068: Remove DocuSign root certificate that is expiring in May 2020
Sean Mullan
sean.mullan at oracle.com
Thu Apr 30 21:29:57 UTC 2020
On 4/30/20 2:53 PM, Michael StJohns wrote:
> On 4/30/2020 2:11 PM, Rajan Halade wrote:
>> Please review this patch to remove Keynectis CA certificate from
>> cacerts store.
>>
>> Webrev: http://cr.openjdk.java.net/~rhalade/8225068/webrev.00/
>>
>> Thanks,
>> Rajan
>>
> Hi -
>
> There are three other certificates expiring a week after the one you're
> removing - why aren't they going too?
One of those will be removed soon. See
https://bugs.openjdk.java.net/browse/JDK-8225069
The other two have had code signing certificates that chain back to the
roots. The roots need to remain in order to continue to support
applications that have been previously signed and timestamped.
--Sean
More information about the security-dev
mailing list