How Broker Uses a Keystore and Truststore
To be authenticated over SSL, a Broker component must have a valid, authorized X.509 certificate installed in a keystore file, and the trusted root of the CA that issued that certificate must be installed in a truststore file. The following figure illustrates these requirements and the relationship between the two files.
Example Truststore File and Keystore File Showing Relationship
As shown in the figure above, the same truststore file can contain multiple trusted roots. These trusted roots may be associated with numerous keystore files. A keystore file contains the key pair for a single Broker component and can also contain the entire certificate chain required for that component's authentication.
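
The relationship described above, as an added example that is not part of the original documentation: one truststore holding two trusted roots, three keystores each holding a single component's key pair and chain, and a check of which keystores that truststore accepts. The PEM truststore and PKCS#12 keystore formats, the names (`ca_a`, `broker1`, and so on) and the password are assumptions for illustration; the script needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Constructed demo: CA names, file names and the password are illustrative.
PASS=changeit

make_root() {   # $1 = CA name -> $1.key, $1.crt (self-signed trusted root)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Keystore = key pair + component certificate + issuing CA certificate.
make_keystore() {   # $1 = component name, $2 = issuing CA -> $1.p12
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -days 30 -out "$1.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1.key" -in "$1.crt" -certfile "$2.crt" \
        -name "$1" -passout "pass:$PASS" -out "$1.p12"
}

# Succeeds only if the keystore's component certificate verifies against the
# truststore bundle ($1 = truststore PEM, $2 = keystore). openssl may also
# consult its default CA directory; the constructed roots are not in it.
keystore_trusted_by() {
    openssl pkcs12 -in "$2" -clcerts -nokeys -passin "pass:$PASS" \
        -out "$2.leaf.pem" 2>/dev/null &&
    openssl verify -CAfile "$1" "$2.leaf.pem" >/dev/null 2>&1
}

demo() {
    cd "$(mktemp -d)" || return 1
    make_root ca_a && make_root ca_b && make_root ca_c || return 1
    cat ca_a.crt ca_b.crt > truststore.pem      # one truststore, two roots
    make_keystore broker1 ca_a && make_keystore broker2 ca_b &&
        make_keystore broker3 ca_c || return 1
    for ks in broker1 broker2 broker3; do
        if keystore_trusted_by truststore.pem "$ks.p12"; then
            echo "$ks: trusted"
        else
            echo "$ks: NOT trusted (issuing root missing from truststore)"
        fi
    done
}
demo
```

`broker3` is rejected because its issuing root, `ca_c`, was never added to the truststore, which is the failure to look for when a component with a valid certificate still cannot authenticate.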