Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6483657 MSCAPI provider does not create unique alias names
  3. JDK-8161128

Release Note: MSCAPI KeyStore can handle same named certificates

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: P4
    • Resolution: Delivered
    • Affects Version/s: 7u121, 8u92, 8u101
    • Fix Version/s: None
    • Component/s: security-libs

      Backports

        Description

        Java SE KeyStore does not allow certificates that have the same aliases.
        http://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html

        However, on Windows, multiple certificates stored in one keystore are allowed to have non-unique friendly names.

        The fix for JDK-6483657 makes it possible to operate on such non-uniquely named certificates through the Java API by artificially making the visible aliases unique.

        Please note, this fix does not enable creating same-named certificates with the Java API. It only allows you to deal with same-named certificates that were added to the keystore by 3rd party tools.

        It is still recommended that your design not use multiple certificates with the same name. In particular, the following sentence will not be removed from the Java documentation:
         "In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case."
        http://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                igerasim Ivan Gerasimov
                Reporter:
                igerasim Ivan Gerasimov
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: