On Thu, 23 Jan 2025 20:20:04 GMT, Mark Powers <mpow...@openjdk.org> wrote:
>> test/jdk/sun/security/ssl/X509TrustManagerImpl/distrust/chains/camerfirma/camerfirmachambersca-chain.pem >> line 1: >> >>> 1: -----BEGIN CERTIFICATE----- >> >> Can you put some basic information about the certs at the top of these >> files, such as the Issuer DN, etc? See the entrust pem files for examples. > > done I think you added the fields for the root certificates, and not these certificates. Also, these are not root certificates, so I would remove "Root Certificate". You can use `keytool -printcert -file ...` and just include the fields before the Extensions part, ex for one of them: Owner: CN=Camerfirma Corporate Server II - 2015, L=Madrid (see current address at https://www.camerfirma.com/address), SERIALNUMBER=A82743287, O=AC Camerfirma S.A., OU=AC CAMERFIRMA, C=ES Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Serial number: 621ff31c489ba136 Valid from: Thu Jan 15 04:21:16 EST 2015 until: Tue Dec 15 04:21:16 EST 2037 Certificate fingerprints: SHA1: FE:72:7A:78:EA:0C:03:35:CD:DA:9C:2E:D7:5F:D4:D4:6F:35:C2:EF SHA256: 66:EA:E2:70:9B:54:CD:D1:69:31:77:B1:33:2F:F0:36:CD:D0:F7:23:DB:30:39:ED:31:15:55:A6:CB:F5:FF:3E Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 4096-bit RSA key Version: 3 ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/22985#discussion_r1927751049
