HARICA's 2015 Roots not trusted by Java

ssllabs / ssllabs-scan

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

https://www.ssllabs.com/projects/ssllabs-apis/

Apache License 2.0

1.7k stars 241 forks source link

HARICA's 2015 Roots not trusted by Java #924

Closed AEtherC0r3 closed 1 year ago

AEtherC0r3 commented 1 year ago

The "SSL Server Test" reports certificates that chain to HARICA's 2015 Roots (https://crt.sh/?caID=14566, https://crt.sh/?caID=14546) as "not trusted by Java trust store". e.g. https://www.ssllabs.com/ssltest/analyze.html?d=harica.gr&s=155.207.1.46

These root CAs have been included in the Java trust store since at least April 2021 https://www.oracle.com/java/technologies/javase/16all-relnotes.html https://bugs.openjdk.org/browse/jdk-8256421

naumanshah03 commented 1 year ago

Hi @AEtherC0r3

Trust stores are now updated on www.ssllabs.com with v2.2.0 hence closing this issue. Also I would recommend not sending CA certificate as it will increase your bandwidth for each request that is being made. Removing the CA certificate will reduce your bandwidth consumption.

https://www.ssllabs.com/ssltest/analyze.html?d=harica.gr&s=155.207.1.46&latest

Regards, Nauman Shah