See the main JEP JDK-8191486 for details on the cacerts keystore and the planned changes.
Test entries in cacerts keystore
The cacerts keystore will include trusted root certificates issued by Certificate Authorities. This new test will check the root CA entries in this file:
- Verify expected number of certificates in keystore
- Check SHA256 fingerprint of certificate
- Make sure certificate can be self-verified
- Make sure certificate is neither expired nor not yet valid
- Make sure no certificate is within 90 days of expiry
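The checks listed above, sketched as a stand-alone program (an added example, not the JDK's own test). The class name `CheckCacerts`, the `EXPECTED` pin map and its placeholder entry are hypothetical; it assumes JDK 17 or later and a cacerts file that loads with a null password.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.*;

public class CheckCacerts {
    // Hypothetical pin list: alias -> SHA-256 fingerprint (uppercase hex, no separators).
    // Constructed placeholder entry; populate from a reviewed source before use.
    static final Map<String, String> EXPECTED = Map.of(
        "exampleca [constructed]", "<SHA256-FINGERPRINT-PLACEHOLDER>");
    static String sha256(X509Certificate c) throws Exception {
        return HexFormat.of().withUpperCase()
            .formatHex(MessageDigest.getInstance("SHA-256").digest(c.getEncoded()));
    }
    // Returns the problems found for one entry; an empty list means every check passed.
    static List<String> check(String alias, X509Certificate c, Instant now) {
        List<String> problems = new ArrayList<>();
        try {
            String pin = EXPECTED.get(alias);
            if (pin == null) problems.add("no expected fingerprint");
            else if (!pin.equals(sha256(c))) problems.add("fingerprint mismatch");
        } catch (Exception e) { problems.add("fingerprint error: " + e); }
        // A root certificate must verify under its own public key.
        try { c.verify(c.getPublicKey()); }
        catch (Exception e) { problems.add("not self-verifiable: " + e.getMessage()); }
        Instant notBefore = c.getNotBefore().toInstant(), notAfter = c.getNotAfter().toInstant();
        if (now.isBefore(notBefore)) problems.add("not yet valid");
        if (now.isAfter(notAfter)) problems.add("expired");
        else if (now.plus(90, ChronoUnit.DAYS).isAfter(notAfter)) problems.add("expires within 90 days");
        return problems;
    }
    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0]
            : System.getProperty("java.home") + "/lib/security/cacerts";
        // Null password: read the certificate entries without a keystore integrity check.
        KeyStore ks = KeyStore.getInstance(new File(path), (char[]) null);
        int failures = ks.size() == EXPECTED.size() ? 0 : 1;
        if (failures > 0) System.out.println("count: expected " + EXPECTED.size() + ", found " + ks.size());
        for (String alias : Collections.list(ks.aliases())) {
            if (!(ks.getCertificate(alias) instanceof X509Certificate c)) continue;
            List<String> p = check(alias, c, Instant.now());
            if (!p.isEmpty()) { System.out.println(alias + ": " + p); failures++; }
        }
        System.exit(failures == 0 ? 0 : 1);
    }
}
```

With the placeholder pin list every real entry is reported as having no expected fingerprint, which is the intended behaviour for an unreviewed root.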
Interoperability testing against Certificate Authorities
Trusted Certificate Authorities issue valid and revoked test certificates. This test will use these test certificates and attempt to validate them using OCSP and CRL revocation checking.