On 4/30/20 2:53 PM, Michael StJohns wrote:
On 4/30/2020 2:11 PM, Rajan Halade wrote:
Please review this patch to remove Keynectis CA certificate from
cacerts store.
Webrev: http://cr.openjdk.java.net/~rhalade/8225068/webrev.00/
Thanks,
Rajan
Hi -
There are three other certificates expiring a week after the one you're
removing - why aren't they going too?
One of those will be removed soon. See
https://bugs.openjdk.java.net/browse/JDK-8225069
The other two have had code signing certificates that chain back to the
roots. The roots need to remain in order to continue to support
applications that have been previously signed and timestamped.
--Sean