{"id":3838,"date":"2020-07-01T16:46:10","date_gmt":"2020-07-01T16:46:10","guid":{"rendered":"http:\/\/codethataint.com\/blog\/?p=3838"},"modified":"2020-07-01T17:21:27","modified_gmt":"2020-07-01T17:21:27","slug":"3838-2","status":"publish","type":"post","link":"https:\/\/codethataint.com\/blog\/3838-2\/","title":{"rendered":"Keystore and Truststore"},"content":{"rendered":"<p><strong>KeyStore and TrustStore<\/strong><\/p>\n<ol>\n<li>Technically, a KeyStore and a TrustStore are the same. They just serve different purposes based on what they contain.<\/li>\n<li>A KeyStore is simply a database, repository, or collection of certificates, secret keys, or key pairs. When a KeyStore contains only certificates, you call it a TrustStore.<\/li>\n<li>When you also have private keys associated with their corresponding certificate chain (key pair or asymmetric keys), it is called a KeyStore.<\/li>\n<li>Your truststore will be at $JAVA_HOME\/jre\/lib\/security\/cacerts.<\/li>\n<li>&#8216;cacerts&#8217; is a truststore. A truststore is used to authenticate peers. A keystore is used to authenticate yourself in <strong>mutual authentication<\/strong>.<\/li>\n<li>cacerts is where Java stores public certificates of root CAs. 
Java uses cacerts to authenticate the servers.<br \/>\nKeystore is where Java stores the private keys of the clients so that it can share it with the server when the server requests client authentication.\n<\/li>\n<li>Keystore is used to store the private key and identity certificates that a specific program should present to both parties (server or client) for verification.<br \/>\nTruststore is used to store certificates from Certificate Authorities (CAs) that verify the certificate presented by the server in an SSL connection.\n<\/li>\n<li>Mutual authentication requires both a Keystore and a Truststore, whereas Server-Client authentication requires a truststore to store certificates from the CA.<\/li>\n<\/ol>\n<p><img decoding=\"async\" src=\"http:\/\/codethataint.com\/blog\/wp-content\/uploads\/2020\/07\/mutualau.jpg\" alt=\"\" \/><br \/>\n<img decoding=\"async\" src=\"http:\/\/codethataint.com\/blog\/wp-content\/uploads\/2020\/07\/csauth.jpg\" alt=\"\" \/><\/p>\n<p><strong>List the content of your keystore file<\/strong><\/p>\n<pre>\r\nkeytool -v -list -keystore .keystore\r\n<\/pre>\n<p>To list a specific alias, specify it in the command:<\/p>\n<pre>\r\nkeytool -list -keystore .keystore -alias foo\r\n<\/pre>\n<p><strong>Importing Certificate to Truststore<\/strong><\/p>\n<pre>\r\nkeytool -import -trustcacerts -keystore $JAVA_HOME\/jre\/lib\/security\/cacerts -storepass changeit -alias Root -file Trustedcaroot.txt\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>KeyStore and TrustStore Technically a KeyStore and a TrustStore are the same. They just serve different purposes based on what they contain. A KeyStore is simply a database or repository or a collection of Certificates or Secret Keys or key pairs. When a KeyStore contains only certificates, you call it a TrustStore. 
When you also&hellip; <a href=\"https:\/\/codethataint.com\/blog\/3838-2\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[315],"tags":[],"class_list":["post-3838","post","type-post","status-publish","format-standard","hentry","category-java-security"],"_links":{"self":[{"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/posts\/3838","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/comments?post=3838"}],"version-history":[{"count":5,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/posts\/3838\/revisions"}],"predecessor-version":[{"id":3843,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/posts\/3838\/revisions\/3843"}],"wp:attachment":[{"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/media?parent=3838"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/categories?post=3838"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/tags?post=3838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}