Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6521482

Include StartCom root certificate in cacerts

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P4
    • Resolution: Won't Fix
    • Affects Version/s: 5.0, 7
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description

      A DESCRIPTION OF THE REQUEST :
      The StartCom root certificate is currently missing from cacerts, which means that any SSLSocket connecting to a server which has a certificate provided by this CA will throw an error by default.


      JUSTIFICATION :
      I believe that having this root certificate in cacerts will make life easier for those of us who run servers whose certificates are provided by this CA.

      StartCom has gone through a third party audit which was enough to allow Mozilla to include their root certificate, so I think we can consider them as trustworthy.



      CUSTOMER SUBMITTED WORKAROUND :
      One workaround is to manually add the certificate to cacerts (complex, but quite possible.) Another workaround is to use a nulled out TrustManager to accept all certificates.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mullan Sean Mullan
                Reporter:
                ryeung Roger Yeung (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: