BC JSSE and private keys

Veit Guna
Hi.

The BC JSSE documentation at
https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.0.pdf
states that private keys aren't supported for the truststore.

I have a project where I use mutual SSL authentication using client
certs. So I put my certs in a keystore that I configure within the Tomcat
SSL Connector as keystore+truststore.
Does this mean that, when using the BC JSSE implementation as the default
provider, this won't work anymore?

Cheers
Veit



Re: BC JSSE and private keys

David Hook-3

For what it's worth, the latest version of the document is now:

https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5.pdf

I think you should be alright, unless you are relying on a TrustManager
being created for a certificate directly related to a private key.

Regards,

David

On 16/06/18 18:02, Veit Guna wrote:

> Hi.
>
> The BC JSSE documentation at
> https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.0.pdf
> states that private keys aren't supported for the truststore.
>
> I have a project where I use mutual SSL authentication using client
> certs. So I put my certs in a keystore that I configure within the Tomcat
> SSL Connector as keystore+truststore.
> Does this mean that, when using the BC JSSE implementation as the default
> provider, this won't work anymore?
>
> Cheers
> Veit



Veit Guna
Nice!

I tried it and I can confirm it seems to work. Thanks!

Cheers
Veit


On 16.06.2018 at 10:21, David Hook wrote:

> For what it's worth, the latest version of the document is now:
>
> https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5.pdf
>
> I think you should be alright, unless you are relying on a TrustManager
> being created for a certificate directly related to a private key.
>
> Regards,
>
> David
>
> On 16/06/18 18:02, Veit Guna wrote:
>> Hi.
>>
>> The BC JSSE documentation at
>> https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.0.pdf
>> states that private keys aren't supported for the truststore.
>>
>> I have a project where I use mutual SSL authentication using client
>> certs. So I put my certs in a keystore that I configure within the Tomcat
>> SSL Connector as keystore+truststore.
>> Does this mean that, when using the BC JSSE implementation as the default
>> provider, this won't work anymore?
>>
>> Cheers
>> Veit
>
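
David Hook's reply in this thread says the combined keystore+truststore setup is fine unless trust depends on a certificate that belongs to a private-key entry. The following Java 9+ program is an added example, not code from the thread or from Bouncy Castle: it writes a certificate-only truststore from the combined store and flags key entries whose leaf certificate is not also stored as a trusted-certificate entry. The class name `SplitTrustStore` and its three command-line arguments are assumptions.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.List;

// Added example, not code from the thread or from Bouncy Castle.
// Usage (Java 9+): java SplitTrustStore <combined-store> <password> <truststore-out>
public class SplitTrustStore {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: SplitTrustStore <combined-store> <password> <truststore-out>");
            System.exit(2);
        }
        char[] password = args[1].toCharArray();
        // Java 9+: detects the store type (JKS or PKCS12) and loads it in one call.
        KeyStore combined = KeyStore.getInstance(new File(args[0]), password);
        KeyStore trustOnly = KeyStore.getInstance("PKCS12");
        trustOnly.load(null, null); // start from an empty store
        List<String> aliases = Collections.list(combined.aliases());

        // Pass 1: carry over trusted-certificate entries only.
        for (String alias : aliases) {
            if (combined.isCertificateEntry(alias)) {
                trustOnly.setCertificateEntry(alias, combined.getCertificate(alias));
                System.out.println("trust anchor : " + alias);
            }
        }
        // Pass 2: private-key entries are never copied. Flag those whose leaf
        // certificate is not among the trust anchors: trust in that certificate
        // would have to come from the key entry itself.
        int flagged = 0;
        for (String alias : aliases) {
            if (!combined.isKeyEntry(alias)) continue;
            Certificate leaf = combined.getCertificate(alias); // first cert in the chain
            boolean anchored = leaf != null && trustOnly.getCertificateAlias(leaf) != null;
            System.out.println("key entry    : " + alias
                    + (anchored ? " (leaf also a trust anchor)" : " (leaf NOT a trust anchor)"));
            if (!anchored) flagged++;
        }
        try (OutputStream out = new FileOutputStream(args[2])) {
            trustOnly.store(out, password);
        }
        System.out.println(flagged + " key entries with an unanchored leaf; wrote " + args[2]);
    }
}
```

A flagged key entry marks a certificate that is only present alongside its private key; if peers presenting it must be trusted, add it (or its issuing CA) to the truststore as a certificate entry.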