I am trying to set up a Jetty HTTPS server. The configuration forced me to re-read Java Key Stores, Key Managers and Trust Stores.

These are a few notes to jog my memory in the future, someday when I need to re-read this again…

A Java key store (KeyStore) is a repository of security certificates: e.g. public key certificates used in SSL encryption.

A key manager and trust manager handle key management and trust management of X509 certificates respectively. For example, a key manager is used during an SSL handshake to select a certificate that best identifies the client to the SSL service.

A Java key manager (KeyManager) is used to get the certificate needed to authenticate a local SSLSocket to its peer. If no certificate is available, then the socket cannot present any authentication credentials. (Ref. JavaDoc).

A Java trust store (TrustStore) contains a set of “trustworthy” Certificate Authority (CA) certificates. If a server has a certificate installed that was signed by a “well recognized” CA (e.g. Verisign or whoever), then the default Java trust store that ships with a JRE should already trust it, because the default trust store already trusts many commonly recognized “trustworthy” CAs.
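To see how the three pieces fit together in code, here is an added example (not part of the original post, and not Jetty's own configuration code) that uses only the JDK's `java.security` and `javax.net.ssl` APIs. It loads a server key store, builds a KeyManager from it and checks that the KeyManager can actually pick a server certificate, builds a TrustManager from the JRE's default trust store, and combines both into an SSLContext. The key store path and password are placeholders; the `KeyStoreNotes` class name and the helper methods are my own.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

public class KeyStoreNotes {

    // Placeholder path and password (assumption, not from the post): a PKCS12 file
    // holding the server's private key and its certificate chain.
    static final String SERVER_KEYSTORE = "/path/to/server-keystore.p12";
    static final char[] SERVER_KEYSTORE_PASSWORD = "changeit".toCharArray();

    /** Load a key store from disk; any type the JRE supports works (PKCS12, JKS). */
    static KeyStore loadKeyStore(String path, char[] password, String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Print what a key store holds: key entries identify us, trusted-certificate entries are CAs we trust. */
    static void describe(String label, KeyStore ks) throws Exception {
        System.out.println("== " + label + " (" + ks.size() + " entries)");
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted cert";
            Certificate cert = ks.getCertificate(alias); // null for secret-key entries
            String subject = cert instanceof X509Certificate
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                    : (cert == null ? "(no certificate)" : cert.getType());
            System.out.printf("  %-12s %-20s %s%n", kind, alias, subject);
        }
    }

    /** KeyManager: selects the certificate that identifies THIS side of the connection. */
    static KeyManager[] keyManagers(KeyStore ks, char[] keyPassword) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        return kmf.getKeyManagers();
    }

    /**
     * TrustManager: decides whether the PEER's certificate chains to a CA we trust.
     * Passing null makes the factory fall back to the JRE's default trust store (cacerts).
     */
    static TrustManager[] trustManagers(KeyStore trustStoreOrNull) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStoreOrNull);
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        // 1. The server's identity: a key store with a private key + certificate chain.
        KeyStore serverKs = loadKeyStore(SERVER_KEYSTORE, SERVER_KEYSTORE_PASSWORD, "PKCS12");
        describe("server key store", serverKs);
        KeyManager[] kms = keyManagers(serverKs, SERVER_KEYSTORE_PASSWORD);

        // Verify the key manager can actually select a server certificate. If it finds
        // nothing, the socket has no credentials to present and every handshake will fail.
        X509KeyManager x509Km = (X509KeyManager) kms[0];
        String chosen = null;
        for (String keyType : new String[] {"RSA", "EC"}) {
            chosen = x509Km.chooseServerAlias(keyType, null, null);
            if (chosen != null) break;
        }
        if (chosen == null) {
            throw new IllegalStateException("no RSA or EC key entry usable as a server identity");
        }
        for (X509Certificate c : x509Km.getCertificateChain(chosen)) {
            c.checkValidity(); // throws if the chain contains an expired or not-yet-valid cert
        }
        System.out.println("server will present alias: " + chosen);

        // 2. Trust: null => JRE default trust store, which already holds the well-known CAs.
        TrustManager[] tms = trustManagers(null);
        X509TrustManager x509Tm = (X509TrustManager) tms[0];
        System.out.println("default trust store holds " + x509Tm.getAcceptedIssuers().length + " CA certificates");

        // 3. Combine both into an SSLContext; this is what any HTTPS server ultimately uses.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tms, null);
        System.out.println("SSLContext protocol: " + ctx.getProtocol());
    }
}
```

The `describe` helper is the quick check worth running against any key store you are about to configure: a server key store should show at least one key entry, and a trust store should show only trusted-certificate entries. The `chooseServerAlias` check catches the common misconfiguration where a key store contains only a certificate but no private key, which leaves the KeyManager with nothing to present.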

Back to configuring…
