Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6521482

Include StartCom root certificate in cacerts

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P4
    • Resolution: Won't Fix
    • Affects Version/s: 5.0, 7
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description

      A DESCRIPTION OF THE REQUEST :
      The StartCom root certificate is currently missing from cacerts, which means that any SSLSocket connecting to a server which has a certificate provided by this CA will throw an error by default.


      JUSTIFICATION :
      I believe that having this root certificate in cacerts will make life easier for those of us who run servers whose certificates are provided by this CA.

      StartCom has gone through a third party audit which was enough to allow Mozilla to include their root certificate, so I think we can consider them as trustworthy.



      CUSTOMER SUBMITTED WORKAROUND :
      One workaround is to manually add the certificate to cacerts (complex, but quite possible.) Another workaround is to use a nulled out TrustManager to accept all certificates.

        Issue Links

          Activity

          Hide
          mullan Sean Mullan added a comment -
          BT2:EVALUATION

          Closing as we have a separate process for including CA certs in the JDK/JRE.
          Please send this message to the submitter:

          We have a separate process for including CA certificates in the JRE/JDK and it should be
          initiated by the organization or company that owns the CA. Please have someone from
          StartCom send an email to the ###@###.### alias with their request
          to include the StartCom root certificate(s) and someone from Sun will contact them with
          further details.

          Thank you.
          Show
          mullan Sean Mullan added a comment - BT2:EVALUATION Closing as we have a separate process for including CA certs in the JDK/JRE. Please send this message to the submitter: We have a separate process for including CA certificates in the JRE/JDK and it should be initiated by the organization or company that owns the CA. Please have someone from StartCom send an email to the ###@###.### alias with their request to include the StartCom root certificate(s) and someone from Sun will contact them with further details. Thank you.

            People

            • Assignee:
              mullan Sean Mullan
              Reporter:
              ryeung Roger Yeung (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Imported:
                Indexed: