Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8078882

Need ability to rely on browser CA truststore in addition to cacerts

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P3
    • Resolution: Other
    • Affects Version/s: 7u76, 9
    • Fix Version/s: 8-pool
    • Component/s: deploy

      Description

      When attempting to establish an SSL connection with SSLSocket, the CA and
      intermediate CA is checked against JRE's CAcerts or another file pointed by
      javax.net.ssl.trustStore.

      For customers that have a large installed base and their own CA (root or
      intermediate) this is a problem, as their CA certificates have to be
      installed on each machine's cacerts, every time Java is updated.

      A better solution is to search the browser's CA trust store and user level
      cacerts in addition to JRE's cacerts, as it would allow the customer to add
      their own CA to the browser trust store via GPO or to the user level CA certs
      (which survive Java updates).

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              shadowbug Shadow Bug
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: