Trust Store vs Key Store - creating with keytool

Question

I understand that the keystore would usually hold private/public keys and the trust store only public keys (and represents the list of trusted parties you intend to communic

Answer 1

Keystore is used by a server to store private keys, and Truststore is used by third party client to store public keys provided by server to access. I have done that in my production application. Below are the steps for generating java certificates for SSL communication:

1. Generate a certificate using keygen command in windows:

keytool -genkey -keystore server.keystore -alias mycert -keyalg RSA -keysize 2048 -validity 3950

2. Self certify the certificate:

keytool -selfcert -alias mycert -keystore server.keystore -validity 3950

3. Export certificate to folder:

keytool -export -alias mycert -keystore server.keystore -rfc -file mycert.cer

4. Import Certificate into client Truststore:

keytool -importcert -alias mycert -file mycert.cer -keystore truststore