Cryptography - Truststore


A truststore is a store that is (used normally on the client side) when making decisions about what to trust.

If you receive data from an entity that you already trust, and if you can verify that the entity is the one that it claims to be, then you can assume that the data really came from that entity.

An entry should only be added to a truststore if the user trusts that entity.

Content / Structure

A truststore contains:



Every browser has a truststore of the root and intermediate certificate.

Example: Chrome > Settings > Manage Certificate

Chrome Truststore

More Browser - Certificate


Cryptography - Java cacerts truststore (CA Certificates)


Generating trust

By either generating a key pair or by importing a certificate, the user gives trust to that entry. Any entry in the truststore is considered a trusted entry.


A TrustManager is a program (function) that determines whether remote connection should be trusted or not i.e. whether remote party is who it claims to.

Discover More
Web Site Certificate
Browser - Certificate

in the browser You can see the certificate of the web site in the browser Every browser has a truststore Example: Chrome > Settings > Manage Certificate
Cryptography - Java cacerts truststore (CA Certificates)

cacerts is the default truststore of Java. It comes with a Java Installation. It's in the jks format and contains CA certificate. If your server’s certificate is signed by a recognized CA, the default...
Cryptography - Storage of key material

This page lists the datastore / file of cryptographic material such as: key LDAP identity certificat signing request and more. Key and key pair file format is the binary...
Cryptography - Store (KeyStore|Truststore)

A keystore is a database of key material ie: key LDAP identity certificate There are actually two: a truststore on the client side a keystore on the server side Both keystores and truststores...
Certificate Validity Period Not Before Not After Portecle
Cryptography Certificate - How to self-signed a Certificate (for a test or internal server)

When a certificate is used to sign itself, it is called a self signed certificate. All root CA certificates of the certificate chain are self signed. This article shows you how to create a self-signed...

Share this page:
Follow us:
Task Runner