[8u] Is it possible to bring root certificates to OpenJDK 8 [JEP319] ?

Sean Mullan sean.mullan at oracle.com
Fri Mar 22 19:33:27 UTC 2019

Hi Christoph,

On 3/21/19 6:20 AM, Langer, Christoph wrote:
> Hi,
> I recently came across a scenario where I wanted to use a self-built OpenJDK 8 in a maven build and it could not download artefacts due to missing root certificates. I helped myself by replacing the cacerts with some other version from a later OpenJDK and came over the issue. However, I’ve asked myself whether it was possible/worthwhile to get the root certificates also into an OpenJDK 8 update?
> With JEP 319 [0], Oracle has open-sourced the root certificates into OpenJDK. The initial check-in was done for jdk10, via bug JDK-8189131 [1]. After that, several commits have been made to update the set of root certificates and improve the tests.
> Now my questions are: Is it legally possible to bring these root certificates also into OpenJDK 8? Since it is a JEP, can the “feature” be added to OpenJDK 8 via an update release? And, last but not least, would there be interest in the community for that at all?

I can answer the first two questions. I talked to one of our Product 
Managers who was involved with this JEP and he said that we have 
permission to release these certificates as open source at OpenJDK (much 
as Mozilla has roots in Firefox).  Therefore there should be no concerns 
using with OpenJDK 8 or other versions for that matter.  If you mean the 
jdk8u project specifically, you should check with the current 
maintainers for interest in this as I think they currently use other 
means for their builds.


> Just trying to start a discussion… ��
> Best regards
> Christoph
> [0] http://openjdk.java.net/jeps/319
> [1] https://bugs.openjdk.java.net/browse/JDK-8189131

More information about the jdk8u-dev mailing list