Keystore is used to store private key and identity certificates that a specific program should present to both parties (server or client) for verification.
Truststore is used to store certificates from Certified Authorities (CA) that verify the certificate presented by the server in SSL connection.
Key differences
| Keystore | Truststore |
|---|---|
| Keystore stores your credential. (server or client) | Truststore stores others credentials (CA) |
| Keystore is needed when you are setting up the server side on SSL | Truststore setup is required for the successful connection at the client side |
| Client will store its private key and identify certificate on Keystore | Server will authenticate the client against the certificate stored on the server’s Truststore |
javax.net.ssl.keyStore is used to specify Keystore | javax.net.ssl.trustStore is used to specify Truststore. |
| Keystore passwords are stored in plaintext that is only readable by the specific group. | Truststore passwords are stored in plaintext that can be read by everyone. |
| Keystore contains private and sensitive information | Truststore doesn’t contain private and sensitive information |
