March 11, 2021

Java Keystore/Truststore question – where to put authentication certs?

From what I’ve found on the topic, the best practice is to put the private keypair that you will use to serve SSL in the Java ‘identity keystore’. Then all the public certs that you use for trust would go in the java ‘truststore’. So, in theory I could have keystore.jks and truststore.jks and pass those in on the java command line args.

Where is the right location for private keys that you use to authenticate with outside servers/services? For example, suppose my app subscribes to a weather data service and they issue me a private key for authenticating. Would it be best to store that in the keystore.jks file alongside the private key I’m using to serve SSL, or should it go in the truststore.jks file (in other words, just put the cert for serving in keystore and everything else in truststore). Or, should it go in some other location.

The people that manage these certs would like everything in one jks file so they don’t have to keep track of too many moving pieces, so I’m interested in the best practices and what kinds of issues you could run into if you combined everything into one JKS file.


Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.