Thursday, September 24, 2020

Keystore and Truststore - SSL

Keystore (JKS):

In the context of SSL/TLS, a keystore is where a server or client stores its certificate and private key. It is required when you need to authenticate yourself to the remote end of a connection.
Consider a scenario where a client wants to access a service on a server and the connection between them uses two-way TLS. When the client calls the server, the server responds with its certificate, which the client validates against the CAs in its truststore. In reply, the client also sends its certificate, which the server validates against the CAs in its own truststore.

Truststore:

Java comes with a default truststore at JRE/lib/security/cacerts.
A truststore stores the certificates of CAs (certificate authorities). These CAs verify the certificate presented by the server.
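
The server side of the two-way TLS scenario above, as an added example that is not part of the original post: the keystore feeds the `KeyManagerFactory` (our identity) and the truststore feeds the `TrustManagerFactory` (who we accept). The file names `server.jks` and `clients-ca.jks`, the port, and the environment variable names are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class TwoWayTlsServer {
    // The same KeyStore class backs both roles; only the contents differ.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    static SSLContext build(String ksPath, char[] ksPass, String tsPath, char[] tsPass) throws Exception {
        // Keystore: our own certificate and private key, presented to the peer.
        // Assumption: the key entry uses the same password as the store.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(ksPath, ksPass), ksPass);
        // Truststore: CA certificates the peer's chain must lead to.
        // Passing a null KeyStore here would fall back to the JRE default cacerts.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(tsPath, tsPass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical inputs: both .jks files and both environment variable names.
        char[] ksPass = System.getenv("KEYSTORE_PASS").toCharArray();
        char[] tsPass = System.getenv("TRUSTSTORE_PASS").toCharArray();
        SSLContext ctx = build("server.jks", ksPass, "clients-ca.jks", tsPass);
        try (SSLServerSocket server =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            // Without this the handshake is one-way: the client is never asked for a certificate.
            server.setNeedClientAuth(true);
            try (SSLSocket client = (SSLSocket) server.accept()) {
                client.startHandshake(); // fails if the client certificate is missing or untrusted
            }
        }
    }
}
```

Keeping the client-CA truststore separate from the default `cacerts` limits accepted client certificates to the CAs you chose, instead of every public CA the JRE ships with.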




