Reputation: 29518
Java KeyStore jks as certificate authority
I'm converting an old app that uses openssl to Java. I was wondering if there was any downside in using Java's KeyStore as a certificate authority. Like is there any performance loss in using Java's Keystore or any limit on the number of clients' certs that I can store in a Java Keystore? I want to eventually implement 2 way SSL where the client authenticates and the server knows which clients are allowed to talk to it.
Upvotes: 0
Views: 184
Answers (1)
Reputation: 311052
I was wondering if there was any downside in using Java's KeyStore as a certificate authority.
You're not using it as a certificate authority. A Certificate Authority is a trusted entity - a company - that signs certificates. A keystore is a file that stores public/private key pairs, signed certificates, and trusted certificates. Don't misuse terminology.
Like is there any performance loss in using Java's Keystore
Compared to what? It's a pretty pointless question when the only alternative is a PKCS#12 keystore, which is also a file, and when both are loaded into memory, and when the performance characteristics of either aren't rate-determining steps in the first place.
or any limit on the number of clients' certs that I can store in a Java Keystore?
No.
Upvotes: 1
Related Questions
- SSL and cert keystore
- Create java keystore from private key and CA certificate bundle
- How to import a jks certificate in java trust store
- Convert or import SSL certificate to java keystore
- keystore.jks to be used in Java application
- Create a keystore file (.jks) and a self signed certificate (.cer/.crt) in Java
- Java client certificates and keystores
- Loading a Certificate from a Keystore
- Create a Java Keystore from a openssl Self-Signed certificate file
- java using private key with Certificates and Keystore?