SSL/TLS lecture and Java Truststore

I went through the SSL/TLS lecture in the DevOps course, and it really helped me understand PKI and certificates.

In my job, I have been tasked with working with Java SSL/TLS and have been a little confused by Java’s SSL/TLS terminology: Truststore, keystore, etc. Does anyone have any knowledge on this and how to reconcile Java’s implementation of SSL/TLS to the lecture in this course? Especially concerning Java’s Truststore. How does Truststore relate to this lecture diagram:


Do some more googling to verify what I say here, but I think it boils down to this:

The keystore is where you keep your private keys. So in case you’re creating/configuring a webserver, the keystore is where you’ll store the private key/certificate of your domain.

The truststore is about who you trust. It contains the public keys of trusted servers and of certificate authorities. If you’re connecting to some server, whose signature does not match a public key in your truststore, stuff will explode.

Idk how all this relates to your screenshot, the keys and locks are a bit random. But I hope the explanation gives you the basic idea.

EDIT: the truststore can be compared with the thing in your browser that contains all the CA public keys. In some Linux distros, these key lists are kept in separate packages.
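
As an added illustration of the answer above (not written by either poster), this is how the two stores plug into Java's JSSE API: the keystore feeds a `KeyManagerFactory` and the truststore feeds a `TrustManagerFactory`. The class name `StoreRoles` and the optional keystore path and password arguments are assumptions; with no arguments it runs against an empty in-memory keystore and the JVM's default truststore.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class StoreRoles {
    // Load a store from disk; with no path, return an empty in-memory store.
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (path == null) { ks.load(null, null); return ks; }
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pw);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical usage: java StoreRoles [keystore.p12 password]
        String path = args.length >= 2 ? args[0] : null;
        char[] pw = args.length >= 2 ? args[1].toCharArray() : new char[0];

        // Keystore -> KeyManager: the private key and certificate we present.
        KeyStore keyStore = load(path, pw);
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, pw);
        for (String alias : Collections.list(keyStore.aliases())) {
            System.out.println("identity entry: " + alias
                + " (key entry: " + keyStore.isKeyEntry(alias) + ")");
        }

        // Truststore -> TrustManager: the CA certificates we accept from peers.
        // A null KeyStore selects the JVM default truststore (usually cacerts).
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                int n = ((X509TrustManager) tm).getAcceptedIssuers().length;
                System.out.println("trusted issuers: " + n);
            }
        }

        // Both halves feed one SSLContext used for sockets or HTTPS clients.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```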