About
A keystore is a database of key material, i.e.:
- key
- LDAP identity
- certificate
There are actually two:
- a truststore on the client side
- a keystore on the server side
Both keystores and truststores are storage files for private keys, public keys and certificates.
They differ only by their name and function. The file format is the same.
In an SSL handshake the purpose of:
- trustStore is to verify credentials. On the SSL client side, it uses the certificates stored in the trustStore to verify the identity of the server.
- keyStore is to provide credentials. On the SSL server side, it contains the private key, the public key and the certificate. The public key and the certificate are sent to the client.
Content:
- Keystore: Store the individual's or server's certificate along with its private key and certificate chain
- TrustStore: Store the CA's certificate. If there is a certificate chain, convert it into a PKCS#7 file and store it together with the CA certificate.
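The handshake roles and the "same format, different content" point above, as an added example that is not part of the original page: it builds a server-side keystore (private key, server certificate and its chain) and a client-side truststore (CA certificate only) in the same PKCS#12 format, bundles the chain as PKCS#7, and then checks what each file actually holds. It assumes openssl is installed; the keytool listing runs only if a JDK is on the PATH. The names (example-ca, server.example), the password changeit and the file names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes openssl on the PATH.
# All names and the password below are constructed demo values.
set -e

WORK="${WORK:-$(mktemp -d)}"
PASS="changeit"   # demo store password; use a real secret in practice

# Throw-away CA plus a server certificate signed by it (the "chain" here is
# just the CA certificate).
make_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example-ca" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=server.example" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$WORK/server.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/server.crt" 2>/dev/null
}

# Keystore (server side): private key + server certificate + issuing chain.
make_keystore() {
    openssl pkcs12 -export -passout "pass:$PASS" \
        -inkey "$WORK/server.key" -in "$WORK/server.crt" \
        -certfile "$WORK/ca.crt" -name server \
        -out "$WORK/keystore.p12"
}

# Truststore (client side): CA certificate only, deliberately no private key.
make_truststore() {
    openssl pkcs12 -export -passout "pass:$PASS" -nokeys \
        -in "$WORK/ca.crt" \
        -out "$WORK/truststore.p12"
}

# Chain as a PKCS#7 bundle, the form the page suggests for storing a chain
# next to the CA certificate.
make_chain_p7() {
    openssl crl2pkcs7 -nocrl -certfile "$WORK/ca.crt" -out "$WORK/chain.p7b"
}

# Number of private keys inside a PKCS#12 file ($1).
count_keys() {
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nocerts -nodes 2>/dev/null \
        | grep -c 'BEGIN.*PRIVATE KEY' || true
}

# Number of certificates inside a PKCS#12 file ($1).
count_certs() {
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE' || true
}

# Number of certificates inside a PKCS#7 bundle ($1).
count_p7_certs() {
    openssl pkcs7 -in "$1" -print_certs 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE' || true
}

keystore_demo() {
    make_certs
    make_keystore
    make_truststore
    make_chain_p7
    echo "keystore.p12   keys=$(count_keys "$WORK/keystore.p12") certs=$(count_certs "$WORK/keystore.p12")"
    echo "truststore.p12 keys=$(count_keys "$WORK/truststore.p12") certs=$(count_certs "$WORK/truststore.p12")"
    echo "chain.p7b      certs=$(count_p7_certs "$WORK/chain.p7b")"
    # Java reads both files with the same tool and store type; only the entry
    # kinds differ (a private key entry in the keystore, a trusted certificate
    # entry in the truststore).
    if command -v keytool >/dev/null 2>&1; then
        keytool -list -storetype PKCS12 -keystore "$WORK/keystore.p12" -storepass "$PASS"
        keytool -list -storetype PKCS12 -keystore "$WORK/truststore.p12" -storepass "$PASS"
    fi
}

keystore_demo
```

Running the script prints one key and two certificates for the keystore (the server certificate plus the CA certificate that forms its chain), zero keys and one certificate for the truststore, and one certificate in the PKCS#7 bundle. A truststore that reports a private key is a sign that server material was copied to clients by mistake.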