Please review this change to distrust TLS server certificates issued after October 31, 2024 and anchored by Entrust Root CAs. This change is in line with similar plans recently announced by Google and Mozilla. TLS server certificates issued before this date will continue to be valid until they expire. This restriction should have minimal compatibility impact since Entrust has announced they will be using a partner (SSL.com) for all TLS server certificates issued after Oct 31, 2024.
See the CSR for more details: https://bugs.openjdk.org/browse/JDK-8339194 ------------- Commit messages: - final iteration - ready for review - Affirmtrust - second iteration - first iteration Changes: https://git.openjdk.org/jdk/pull/20731/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=20731&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8337664 Stats: 1348 lines in 22 files changed: 1346 ins; 0 del; 2 mod Patch: https://git.openjdk.org/jdk/pull/20731.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/20731/head:pull/20731 PR: https://git.openjdk.org/jdk/pull/20731
