On Fri, 5 Feb 2021 21:54:19 GMT, Sean Mullan <mul...@openjdk.org> wrote:

> I think it would be useful to add a test that checks that `keytool` now 
> creates the AKID from the issuing CA's SKID. `keytool -ext` should be able to 
> create a certificate with your own AKID, but you need to specify the OID and 
> a hex-encoded string for the value. Check with @wangweij but I think you can 
> probably enhance an existing test.

Unfortunately, SKID and AKID are added after all other extensions, therefore it 
will overwrite any SKID or AKID you explicitly provided.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2343
