Difference between trustStore vs keyStore in Java SSL

http://www.java67.com/2012/12/difference-between-truststore-vs.html

1) Keystore is used to store your credential (server or client) while truststore is used to store others credential (Certificates from CA).

2) Keystore is needed when you are setting up server side on SSL, it is used to store server's identity certificate, which server will present to a client on the connection while trust store setup on client side must contain to make the connection work. If you browser to connect to any website over SSL it verifies certificate presented by server against its truststore.

3) Though I omitted this on the last section to reduce confusion but you can have both keystore and truststore on client and server side if the client also needs to authenticate itself on the server. In this case, client will store its private key and identify certificate on keystore and server will authenticate the client against certificate stored on server's trust store.

4) In Java -javax.net.ssl.keyStore property is used to specify keystore while -javax.net.ssl.trustStore is used to specify trustStore.

5) In Java, one file can represent both keystore vs truststore but it's better to separate private and public credential both for security and maintenance reason.

6 Wn you install JDK or JRE on your machine, Java comes with its own truststore (collection of certificate from well known CA like Verisign, goDaddy, thwarte etc. you can find this file inside

JAVA_HOME/JRE/Security/cacerts where JAVA_HOME is your JDK Installation directory.

7) keytool command (binary comes with JDK installation inside JAVA_HOME/bin) can be used to create and view both keyStore and trustStore.