Hi Merlin
Google is full of references and examples if you look for something like
"java NSS"
Anyhow, to use a certificate stores on Windows Keystore you have to use
MSCAPI provider ("How to java mscapi")
If you want to use a certificate stored on NSS (Firefox/Thunderbird) or a
pkcs#11 token, then you should use SunPKCS11 provider.
Oracle documentation has examples for both of them ;)
On Fri, Oct 2, 2015 at 5:48 PM, <merlin.w.vinc...@gmail.com> wrote:
> Hello, all -
>
> I'm new to NSS and I'm having trouble finding information on how to get
> started with this - any help will be appreciated!
>
> I have a desktop application that needs to make a client-authenticated
> connection (TLS1.1) to a web server. The particulars:
>
> - Java 8 running on Windows
> - user cert resides in the Windows keystore
> - using NSS 3.20 in FIPS mode
> - configured per
> http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/FIPS.html
>
> Server-authenticated connections are working correctly, but when I try to
> add client authentication using the Windows-based cert I get this error:
>
> java.security.KeyStoreException: FIPS mode: KeyStore must be from provider
> SunPKCS11-nss-fips
>
> What's the equivalent of the following in NSS land?
>
> KeyStore keystore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
> keystore.load(null, password);
>
> sslContext = SSLContexts.custom().useTLS().loadKeyMaterial(keyStore,
> password).build();
>
> Thank you!
> Merlin
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
