RFR: 8245654: Add Certigna Root CA [v3]
Sean Mullan
mullan at openjdk.org
Wed Nov 2 13:16:30 UTC 2022
On Wed, 2 Nov 2022 08:24:37 GMT, Rajan Halade <rhalade at openjdk.org> wrote:
>> This fix adds Certigna root CA to cacerts trust store.
>
> Rajan Halade has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:
>
> - Merge branch 'openjdk:master' into 8247698-certigna
> - Merge branch 'master' into 8247698-certigna
> - remove control-M characters
> - Added Certigna CA cert and updated VerifyCACerts.java test
> - Merge remote-tracking branch 'origin/master' into 8247698-certigna
> - 8247698: Evaluate the inclusion of DHIMYOTIS (certigna) roots
src/java.base/share/data/cacerts/certignaca line 5:
> 3: Serial number: fedce3010fc948ff
> 4: Valid from: Fri Jun 29 15:13:05 GMT 2007 until: Tue Jun 29 15:13:05 GMT 2027
> 5: Signature algorithm name: SHA1withRSA (weak)
Don't include "(weak)" in this line. The signature algorithm of root certificates is not a security issue, since the certificate fingerprint has been verified and the public key is trusted directly.
-------------
PR: https://git.openjdk.org/jdk/pull/10030
More information about the security-dev
mailing list