Hi,
Thanks for your inquiry.
All root CA certificate requests should be initiated by the Certificate
Authority using the process defined at
https://www.oracle.com/java/technologies/javase/carootcertsprogram.html
In this case, an application has already been filed by Harica for the
roots below and it is being evaluated.
--Sean
On 12/1/25 4:53 AM, Martijn de Haar wrote:
Dear OpenJDK Security Team,
I would like to request the inclusion of the following HARICA root
certificates in the default OpenJDK |cacerts| truststore:
*
*HARICA TLS RSA Root CA 2021*
*
*HARICA TLS ECC Root CA 2021*
These roots are part of HARICA’s 2021 TLS Root hierarchy and are already
included in all major trust programs (Apple, Microsoft, Mozilla, Google,
Oracle) and in modern operating system trust stores. However, they do
not appear to be present in the current OpenJDK |cacerts| file, while
the older HARICA 2015 roots are included (added under JDK-8260597).
This absence causes Java applications to fail TLS validation when
connecting to services that use certificates issued under the 2021
HARICA hierarchy.
Thank you for your time and consideration.
Kind regards,
Martijn de Haar
