Hi Merlin Google is full of references and examples if you look for something like "java NSS"
Anyhow, to use a certificate stores on Windows Keystore you have to use MSCAPI provider ("How to java mscapi") If you want to use a certificate stored on NSS (Firefox/Thunderbird) or a pkcs#11 token, then you should use SunPKCS11 provider. Oracle documentation has examples for both of them ;) On Fri, Oct 2, 2015 at 5:48 PM, <merlin.w.vinc...@gmail.com> wrote: > Hello, all - > > I'm new to NSS and I'm having trouble finding information on how to get > started with this - any help will be appreciated! > > I have a desktop application that needs to make a client-authenticated > connection (TLS1.1) to a web server. The particulars: > > - Java 8 running on Windows > - user cert resides in the Windows keystore > - using NSS 3.20 in FIPS mode > - configured per > http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/FIPS.html > > Server-authenticated connections are working correctly, but when I try to > add client authentication using the Windows-based cert I get this error: > > java.security.KeyStoreException: FIPS mode: KeyStore must be from provider > SunPKCS11-nss-fips > > What's the equivalent of the following in NSS land? > > KeyStore keystore = KeyStore.getInstance("Windows-MY", "SunMSCAPI"); > keystore.load(null, password); > > sslContext = SSLContexts.custom().useTLS().loadKeyMaterial(keyStore, > password).build(); > > Thank you! > Merlin > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto