id summary reporter owner description type status priority milestone component version resolution keywords cc 14652 Remove Let's Encrypt certificate Don-vip team "We added `DST_Root_CA_X3` CA (see #12264) in March 2016 because this CA was massively adopted on the web but Java was lagging behind everyone. Java does support Let's Encrypt now, since [http://www.oracle.com/technetwork/java/javase/8u101-relnotes-3021761.html 8u101] released in July 2016. Looking at usage statistics, **82.5%** of our users use a compatible version (as of April 2017): {{{ J 649 ( 5.7%) Java/1.8.0_101 J 120 ( 1.1%) Java/1.8.0_102 J 1124 ( 9.9%) Java/1.8.0_111 J 103 ( 0.9%) Java/1.8.0_112 J 7366 (64.9%) Java/1.8.0_121 }}} And **17%** do not: {{{ J 9 ( 0.1%) Java/1.8.0 J 17 ( 0.1%) Java/1.8.0_05 J 9 ( 0.1%) Java/1.8.0_11 J 22 ( 0.2%) Java/1.8.0_20 J 122 ( 1.1%) Java/1.8.0_25 J 144 ( 1.3%) Java/1.8.0_31 J 56 ( 0.5%) Java/1.8.0_40 J 126 ( 1.1%) Java/1.8.0_45 J 81 ( 0.7%) Java/1.8.0_51 J 129 ( 1.1%) Java/1.8.0_60 J 96 ( 0.8%) Java/1.8.0_65 J 246 ( 2.2%) Java/1.8.0_66 J 52 ( 0.5%) Java/1.8.0_71 J 6 ( 0.1%) Java/1.8.0_72 J 97 ( 0.9%) Java/1.8.0_73 J 41 ( 0.4%) Java/1.8.0_74 J 141 ( 1.2%) Java/1.8.0_77 J 461 ( 4.1%) Java/1.8.0_91 J 62 ( 0.5%) Java/1.8.0_92 }}} We should remove it when the percentage of impacted users drops to a very small number (**<5% ?**)." enhancement closed normal 18.04 Core fixed certificate lets encrypt root ca