Archived Forum Post

Index of archived forum posts

Question:

Using Chilkat on Windows without using Windows Keystore?

Nov 12 '12 at 09:52

Is it possible to use Chilkat's SSL components on Windows computers without using the Windows Keystores? We need this because we do not have access tot the Windows Keystore.

Thanks!


Answer

Chilkat's SSL/TLS implementation does not require access to the Windows "keystore". (I assume that what you mean by "keystore" is really the "protected store" where private keys are contained when a PFX file is imported to the Windows OS. The certs are imported into the registry-based certificate stores, and the associated private key(s) are imported into something called the "protected store"). Chilkat, because it is cross-platform, does not require this.

1) (for SSL/TLS) If no client-side certificate is required, which is 99% of the time, then no private keys from the client-side are required, and therefore there is no issue anyway.

2) If a client-side cert + private key is needed, then it's possible to use Chilkat directly with a PFX file.

3) The only problem that can occur is this situation on a Windows platform: A client-side cert + private key is required, you do not have it as a .pfx file, and it is pre-installed onto the Windows platform such that the associated private key is marked for non-export within the protected store. This is a case where Chilkat won't work. Chilkat needs access to the private key material. It's because the implementation is cross-platform and does not use the Windows Platform SDK for the SSL/TLS implementation.