Reputation: 29518
I'm converting an old app that uses openssl to Java. I was wondering if there was any downside in using Java's KeyStore as a certificate authority. Like is there any performance loss in using Java's Keystore or any limit on the number of clients' certs that I can store in a Java Keystore? I want to eventually implement 2 way SSL where the client authenticates and the server knows which clients are allowed to talk to it.
Upvotes: 0
Views: 184
Reputation: 311052
I was wondering if there was any downside in using Java's KeyStore as a certificate authority.
You're not using it as a certificate authority. A Certificate Authority is a trusted entity - a company - that signs certificates. A keystore is a file that stores public/private key pairs, signed certificates, and trusted certificates. Don't misuse terminology.
Like is there any performance loss in using Java's Keystore
Compared to what? It's a pretty pointless question when the only alternative is a PKCS#12 keystore, which is also a file, and when both are loaded into memory, and when the performance characteristics of either aren't rate-determining steps in the first place.
or any limit on the number of clients' certs that I can store in a Java Keystore?
No.
Upvotes: 1