On Mon, 1 Feb 2021 23:06:30 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
> This change is made for compliance with RFC 5280 section 4.2.1.1 for > Authority Key Identifier extension. I think it would be useful to add a test that checks that `keytool` now creates the AKID from the issuing CA's SKID. `keytool -ext` should be able to create a certificate with your own AKID, but you need to specify the OID and a hex-encoded string for the value. Check with @wangweij but I think you can probably enhance an existing test. ------------- PR: https://git.openjdk.java.net/jdk/pull/2343
