diff --git a/Delete-expired-certificate-globalsignr2ca.patch b/Delete-expired-certificate-globalsignr2ca.patch
new file mode 100755
index 0000000000000000000000000000000000000000..8b771adb934f6aac903c243e8c3c06067c2d6db7
--- /dev/null
+++ b/Delete-expired-certificate-globalsignr2ca.patch
@@ -0,0 +1,121 @@
+From d64c9b5f69fa307c1fdc44ce8e2a063e805400b8 Mon Sep 17 00:00:00 2001
+From: zhangyipeng <zhangyipeng7@huawei.com>
+Date: Wed, 15 Dec 2021 18:26:13 +0800
+Subject: [PATCH 2/2] Delete expired certificate
+
+---
+ jdk/make/data/cacerts/globalsignr2ca          | 29 -------------------
+ jdk/make/data/cacerts/identrustdstx3          | 27 -----------------
+ .../security/lib/cacerts/VerifyCACerts.java   |  8 ++---
+ 3 files changed, 2 insertions(+), 62 deletions(-)
+ delete mode 100644 jdk/make/data/cacerts/globalsignr2ca
+ delete mode 100644 jdk/make/data/cacerts/identrustdstx3
+
+diff --git a/jdk/make/data/cacerts/globalsignr2ca b/jdk/make/data/cacerts/globalsignr2ca
+deleted file mode 100644
+index 746d1fab9..000000000
+--- a/jdk/make/data/cacerts/globalsignr2ca
++++ /dev/null
+@@ -1,29 +0,0 @@
+-Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
+-Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
+-Serial number: 400000000010f8626e60d
+-Valid from: Fri Dec 15 08:00:00 GMT 2006 until: Wed Dec 15 08:00:00 GMT 2021
+-Signature algorithm name: SHA1withRSA
+-Subject Public Key Algorithm: 2048-bit RSA key
+-Version: 3
+------BEGIN CERTIFICATE-----
+-MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+-A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+-Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+-MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+-A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+-hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+-v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+-eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+-tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+-C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+-zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+-mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+-V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+-bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+-3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+-J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+-291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+-ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+-AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+-TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+------END CERTIFICATE-----
+diff --git a/jdk/make/data/cacerts/identrustdstx3 b/jdk/make/data/cacerts/identrustdstx3
+deleted file mode 100644
+index 87a0d0c4f..000000000
+--- a/jdk/make/data/cacerts/identrustdstx3
++++ /dev/null
+@@ -1,27 +0,0 @@
+-Owner: CN=DST Root CA X3, O=Digital Signature Trust Co.
+-Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
+-Serial number: 44afb080d6a327ba893039862ef8406b
+-Valid from: Sat Sep 30 21:12:19 GMT 2000 until: Thu Sep 30 14:01:15 GMT 2021
+-Signature algorithm name: SHA1withRSA
+-Subject Public Key Algorithm: 2048-bit RSA key
+-Version: 3
+------BEGIN CERTIFICATE-----
+-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+-DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+-Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+-AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+-rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+-OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+-xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+-7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+-aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+-SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+-ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+-AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+-JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+-Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+------END CERTIFICATE-----
+diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java
+index e4fc63ad7..f46355e8c 100644
+--- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java
++++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java
+@@ -53,12 +53,12 @@ public class VerifyCACerts {
+             + File.separator + "security" + File.separator + "cacerts";
+ 
+     // The numbers of certs now.
+-    private static final int COUNT = 86;
++    private static final int COUNT = 84;
+ 
+     // SHA-256 of cacerts, can be generated with
+     // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
+     private static final String CHECKSUM
+-            = "A5:00:71:02:B4:8B:AC:BE:64:34:0A:F2:DF:9D:F7:75:9D:05:84:7E:F6:EA:48:F0:64:36:29:8C:E7:A2:2D:63";
++            = "D3:05:21:64:FA:D7:CD:29:E8:CB:57:E7:47:ED:79:9B:47:D8:0E:75:2D:CA:83:BB:86:AF:D9:43:FD:3E:17:85";
+ 
+     // map of cert alias to SHA-256 fingerprint
+     @SuppressWarnings("serial")
+@@ -139,8 +139,6 @@ public class VerifyCACerts {
+                     "49:E7:A4:42:AC:F0:EA:62:87:05:00:54:B5:25:64:B6:50:E4:F4:9E:42:E3:48:D6:AA:38:E0:39:E9:57:B1:C1");
+             put("dtrustclass3ca2ev [jdk]",
+                     "EE:C5:49:6B:98:8C:E9:86:25:B9:34:09:2E:EC:29:08:BE:D0:B0:F3:16:C2:D4:73:0C:84:EA:F1:F3:D3:48:81");
+-            put("identrustdstx3 [jdk]",
+-                    "06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39");
+             put("identrustpublicca [jdk]",
+                     "30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F");
+             put("identrustcommercial [jdk]",
+@@ -209,8 +207,6 @@ public class VerifyCACerts {
+                     "17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24");
+             put("globalsigneccrootcar4 [jdk]",
+                     "BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C");
+-            put("globalsignr2ca [jdk]",
+-                    "CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E");
+             put("teliasonerarootcav1 [jdk]",
+                     "DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89");
+             put("globalsignrootcar6 [jdk]",
+-- 
+2.22.0
+
diff --git a/openjdk-1.8.0.spec b/openjdk-1.8.0.spec
index 058558f4e805b3532167b6409252a374d00f74da..6eaccef2297fc5818c2160a7fd1760d0175298a1 100644
--- a/openjdk-1.8.0.spec
+++ b/openjdk-1.8.0.spec
@@ -916,7 +916,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r
 
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}.%{buildver}
-Release: 6
+Release: 7
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@@ -1115,14 +1115,17 @@ Patch217: 8202142-jfr-event-io-TestInstrumentation-is-unstable.patch
 Patch218: 8143251-Thread-suspend-on-VM_G1IncCollectionPause-do.patch
 Patch219: G1Uncommit-Introduce-G1PeriodGCNotRetry-control-whet.patch
 Patch220: JDK-debug-version-crash-when-using-AppCDS.patch
+
+# 8u312
 Patch221: 8183543-Aarch64-C2-compilation-often-fails-with-fail--last.patch
 Patch222: 8273111-Default-timezone-should-return-zone-ID-if-locatiome-is-valid-but-not-canonicalization-on-linux.patch
 Patch223: 8233280-Remove-GCLockerInvokesConcurrent-relative-logic-for-G1.patch
 Patch224: G1Ucommit-Refactor-Trigger-mechanism.patch
 Patch225: G1-Full-GC-parallel-mark.patch
 Patch226: G1Uncommit-add-G1UncommitLog-limit-before-G1Uncommit.patch
+Patch227: Delete-expired-certificate-globalsignr2ca.patch
 
-# 8u312
+# 8u322
 
 #############################################
 #
@@ -1592,6 +1595,7 @@ pushd %{top_level_dir_name}
 %patch224 -p1
 %patch225 -p1
 %patch226 -p1
+%patch227 -p1
 popd
 
 # System library fixes
@@ -2209,6 +2213,9 @@ require "copy_jdk_configs.lua"
 %endif
 
 %changelog
+* Thu Dec 16 2021 kuenking111 <wangkun49@huawei.com> - 1:1.8.0.312-b07.7
+- add Delete-expired-certificate-globalsignr2ca.patch
+
 * Fri Dec 10 2021 kuenking111 <wangkun49@huawei.com> - 1:1.8.0.312-b07.6
 - add G1Uncommit-add-G1UncommitLog-limit-before-G1Uncommit.patch