Question on JDK-8058778 (New APIs for creating certificates and certificate requests)

Sean Mullan sean.mullan at
Tue Sep 26 13:34:23 UTC 2023


On Sep 26, 2023, at 6:19 AM, Robert Sherwood <robert.sherwood at<mailto:robert.sherwood at>> wrote:

Hello everyone – I hope this is not too silly a question.

I am doing some Java based PKI work for a client and have discovered the long outstanding JDK-8058778. I am curious about the difficulty of this request. I assume that it must be a very complicated problem to be open for so long.

It would be a significant amount of work to deliver this feature, but that is not the primary reason for why this work has not progressed.

It seems like a reasonable straightforward problem. Is this a reasonable issue for a newcomer (i.e. me) to work on or is there some hidden complexity that prevents it being resolved?

The bigger issue is whether something like this belongs in the Java Platform as a standard API. Essentially we would be including CA (Certificate Authority) functionality. This is more of a “batteries included or not" type of question. Also, keytool currently provides the ability to create X.509 certificates and supports most common extensions. While this is not an API, we have found it sufficient for creating test certificates, which is one of the more common use cases for this feature.



Rob Sherwood

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security-dev mailing list