Crystal
Crystal

Reputation: 29518

Java KeyStore jks as certificate authority

I'm converting an old app that uses openssl to Java. I was wondering if there was any downside in using Java's KeyStore as a certificate authority. Like is there any performance loss in using Java's Keystore or any limit on the number of clients' certs that I can store in a Java Keystore? I want to eventually implement 2 way SSL where the client authenticates and the server knows which clients are allowed to talk to it.

Upvotes: 0

Views: 184

Answers (1)

user207421
user207421

Reputation: 311052

I was wondering if there was any downside in using Java's KeyStore as a certificate authority.

You're not using it as a certificate authority. A Certificate Authority is a trusted entity - a company - that signs certificates. A keystore is a file that stores public/private key pairs, signed certificates, and trusted certificates. Don't misuse terminology.

Like is there any performance loss in using Java's Keystore

Compared to what? It's a pretty pointless question when the only alternative is a PKCS#12 keystore, which is also a file, and when both are loaded into memory, and when the performance characteristics of either aren't rate-determining steps in the first place.

or any limit on the number of clients' certs that I can store in a Java Keystore?

No.

Upvotes: 1

Related Questions