Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8074426

Add JKS support for trust settings on root certificates

        Details

          Backports

            Description

            One of the features we are missing is a way to mark and edit trust settings on trust anchors, or root CA certificates. For example, a root CA may be trusted for SSL, S/MIME, or code signing. Browsers usually support this feature, as well as OS-specific keystores like keychain on OS X.

            The work for this issue should also include enhancing the PKIX implementation to check the trust settings when validating chains. For example, a root that is only trusted for code signing should not be used to validate TLS certificates.

              Issue Links

              blocks

              Sub-task - The sub-task of the issue JDK-8154200 Add support for attributes for the cacerts keystore

              • P3 - Major loss of function.
              • Resolved - A resolution has been taken, and it is awaiting verification by reporter. From here issues are either reopened, or are closed.
              relates to

              Enhancement - null JDK-8162628 Investigate migrating cacerts keystore to PKCS12 format

              • P3 - Major loss of function.
              • Open - The issue is open and ready for the assignee to start work on it.

                Activity

                There are no comments yet on this issue.

                  People

                  • Assignee:
                    vinnie Vincent Ryan
                    Reporter:
                    mullan Sean Mullan
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: