The Certificate Store and Certificates
Key stores and trust stores are both certificate stores: they store and manage the key certificate pairs or public certificates used in secure connections with the SSL protocol. Key stores manage key certificate pairs and trust stores manage the public certificates of trusted peers.
Key Certificate Pairs
For Presto, the key certificate pair stored in the key store identifies the Presto Server to users, for both one-way and mutual SSL. It also identifies the Presto Server to mashable information sources for mutual SSL.
You must generate a key certificate pair for Presto. Typically you also have the key certificate pair signed by a Certificate Authority and import the signed certificate into the certificate store using the Java keytool utility or other certificate management tools.
Trusted Peer Certificates
The public certificates from peers are stored in the trust store and identify users, for mutual SSL, or identify information sources (mashable or direct sources used in mashups), for one-way or mutual SSL.
When public certificates for peers are signed by well-known Certificate Authorities, they are automatically verified and imported into the trust store. If public certificates are self-signed or signed by an unknown Certificate Authority (the CA root certificate is not found in the trust store), you must obtain and import the public certificates into the trust store before the first connection occurs during:
User login.
Mashable registration.
Direct invocation in mashups.
The Certificate Store
You can use a single certificate store as both the key store and trust store for Presto, or you can use separate certificate stores. You can use an existing certificate store for Presto, such as the default certificate store shipped with some application servers, or you can create a new certificate store using the Java keytool utility.
See the Java keytool documentation for more information, commands and instructions on managing key certificate pairs, trusted certificates and certificate stores.
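The workflow described above, with separate key and trust stores, as an added example that is not part of the original Presto documentation. The aliases, file names, distinguished names and password are assumptions, and a throwaway local CA stands in for a real Certificate Authority.

```shell
#!/bin/sh
# Added example. Aliases, file names, DNs and the password are assumed values.
PASS=changeit   # constructed sample password

# build_presto_stores DIR: create a key store and a trust store under DIR.
build_presto_stores() {
  dir=$1; ks="$dir/presto-keystore"; ts="$dir/presto-truststore"; ca="$dir/test-ca-keystore"

  # 1. Throwaway CA standing in for the real Certificate Authority.
  keytool -genkeypair -alias testca -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=Example Test CA" -ext bc:c \
    -keystore "$ca" -storepass "$PASS" -keypass "$PASS" || return 1
  keytool -exportcert -rfc -alias testca -file "$dir/ca.pem" \
    -keystore "$ca" -storepass "$PASS" || return 1

  # 2. Key certificate pair that identifies the server, and its signing request.
  keytool -genkeypair -alias presto -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=presto.example.test" \
    -keystore "$ks" -storepass "$PASS" -keypass "$PASS" || return 1
  keytool -certreq -alias presto -file "$dir/presto.csr" \
    -keystore "$ks" -storepass "$PASS" || return 1

  # 3. The CA signs the request (a real CA does this step for you).
  keytool -gencert -rfc -alias testca -validity 30 \
    -infile "$dir/presto.csr" -outfile "$dir/presto.pem" \
    -keystore "$ca" -storepass "$PASS" || return 1

  # 4. Key store: import the CA root first, then the signed reply under the
  #    same alias as the private key so it replaces the self-signed certificate.
  keytool -importcert -noprompt -alias caroot -file "$dir/ca.pem" \
    -keystore "$ks" -storepass "$PASS" || return 1
  keytool -importcert -noprompt -alias presto -file "$dir/presto.pem" \
    -keystore "$ks" -storepass "$PASS" || return 1

  # 5. Trust store: import the root of the CA that is not already trusted, so
  #    peers whose certificates it signed verify on the first connection.
  keytool -importcert -noprompt -alias caroot -file "$dir/ca.pem" \
    -keystore "$ts" -storepass "$PASS" || return 1
}

# has_alias STORE ALIAS: exit status 0 only if ALIAS exists in STORE.
has_alias() { keytool -list -alias "$2" -keystore "$1" -storepass "$PASS" >/dev/null 2>&1; }

# chain_length STORE ALIAS: 1 for a self-signed key entry, 2 once the reply is installed.
chain_length() {
  LC_ALL=C keytool -list -v -alias "$2" -keystore "$1" -storepass "$PASS" |
    sed -n 's/^Certificate chain length: //p'
}
```

Passing -storepass on the command line exposes the password in the process list; omit it to have keytool prompt for the password instead.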