Request to include “HARICA TLS RSA Root CA 2021” and “HARICA TLS ECC Root CA 2021” in OpenJDK cacerts
Martijn de Haar
Martijn.de.Haar at topicus.nl
Mon Dec 1 09:53:25 UTC 2025
Dear OpenJDK Security Team,
I would like to request the inclusion of the following HARICA root certificates in the default OpenJDK cacerts truststore:
* HARICA TLS RSA Root CA 2021
* HARICA TLS ECC Root CA 2021
These roots are part of HARICA’s 2021 TLS Root hierarchy and are already included in all major trust programs (Apple, Microsoft, Mozilla, Google, Oracle) and in modern operating system trust stores. However, they do not appear to be present in the current OpenJDK cacerts file, while the older HARICA 2015 roots are included (added under JDK-8260597).
This absence causes Java applications to fail TLS validation when connecting to services that use certificates issued under the 2021 HARICA hierarchy.
Thank you for your time and consideration.
Kind regards,
Martijn de Haar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20251201/21d5c0b6/attachment.htm>
More information about the security-dev
mailing list