Archived Forum Post

Index of archived forum posts

Question:

Using Chilkat on Windows without using Windows Keystore?

Nov 12 '12 at 09:52

Is it possible to use Chilkat's SSL components on Windows computers without using the Windows Keystores? We need this because we do not have access tot the Windows Keystore.

Thanks!

---

Answer

Chilkat's SSL/TLS implementation does not require access to the Windows "keystore". (I assume that what you mean by "keystore" is really the "protected store" where private keys are contained when a PFX file is imported to the Windows OS. The certs are imported into the registry-based certificate stores, and the associated private key(s) are imported into something called the "protected store"). Chilkat, because it is cross-platform, does not require this.

1) (for SSL/TLS) If no client-side certificate is required, which is 99% of the time, then no private keys from the client-side are required, and therefore there is no issue anyway.

2) If a client-side cert + private key is needed, then it's possible to use Chilkat directly with a PFX file.

3) The only problem that can occur is this situation on a Windows platform: A client-side cert + private key is required, you do not have it as a .pfx file, and it is pre-installed onto the Windows platform such that the associated private key is marked for non-export within the protected store. This is a case where Chilkat won't work. Chilkat needs access to the private key material. It's because the implementation is cross-platform and does not use the Windows Platform SDK for the SSL/TLS implementation.