KeyStores and TrustStores
The JSSE makes use of files called KeyStores and TrustStores. The KeyStore is used by the adapter for client authentication, while the TrustStore is used to authenticate a server in SSL authentication.
-
A KeyStore consists of a database containing a private key and an associated certificate, or an associated certificate chain. The certificate chain consists of the client certificate and one or more certification authority (CA) certificates.
-
A TrustStore contains only the certificates trusted by the client (a “trust” store). These certificates are CA root certificates, that is, self-signed certificates. The installation of the Logical Host includes a TrustStore file named cacerts.jks in the location:
<c:\JavaCAPS>\appserver\domains\<MyDomain>\config
where <c:\JavaCAPS> is the directory where Java CAPS is installed and <MyDomain> is the name of your domain. This file is recommended as the TrustStore for the Sun Adapters.
Both KeyStores and TrustStores are managed by means of a utility called keytool, which is a part of the Java SDK installation.
- © 2010, Oracle Corporation and/or its affiliates