On Thu, 23 Jan 2025 22:13:09 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> done > > I think you added the fields for the root certificates, and not these > certificates. Also, these are not root certificates, so I would remove "Root > Certificate". > > You can use `keytool -printcert -file ...` and just include the fields before > the Extensions part, ex for one of them: > > > Owner: CN=Camerfirma Corporate Server II - 2015, L=Madrid (see current > address at https://www.camerfirma.com/address), SERIALNUMBER=A82743287, O=AC > Camerfirma S.A., OU=AC CAMERFIRMA, C=ES > Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., > SERIALNUMBER=A82743287, L=Madrid (see current address at > www.camerfirma.com/address), C=EU > Serial number: 621ff31c489ba136 > Valid from: Thu Jan 15 04:21:16 EST 2015 until: Tue Dec 15 04:21:16 EST 2037 > Certificate fingerprints: > SHA1: FE:72:7A:78:EA:0C:03:35:CD:DA:9C:2E:D7:5F:D4:D4:6F:35:C2:EF > SHA256: > 66:EA:E2:70:9B:54:CD:D1:69:31:77:B1:33:2F:F0:36:CD:D0:F7:23:DB:30:39:ED:31:15:55:A6:CB:F5:FF:3E > Signature algorithm name: SHA256withRSA > Subject Public Key Algorithm: 4096-bit RSA key > Version: 3 I noticed the entrust chains have a similar issue, but we can fix those up later. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/22985#discussion_r1927754599
