133
votes

What's the difference between the two, cacerts and keystore?

If I use the definition found in these links, cacerts and keystore, it seems that they're a collection of certificates, but in the context of a (Java) distributed system. Which one is used to authenticate during an SSL connection? Both or just one of them or alternate?

4
cacerts = certificate authority certificates? - Peter Mortensen

4 Answers

159
votes

'cacerts' is a truststore. A trust store is used to authenticate peers. A keystore is used to authenticate yourself.
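The two roles described in the answer above, wired into a single `SSLContext`, as an added example that is not part of the original answers. The class name, the placeholder password and the empty in-memory keystore are constructed for illustration.

```java
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class StoreRoles {
    // Count entries that carry a private key (an identity), not just a trusted cert.
    static int countKeyEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Truststore role: initialising with null makes JSSE load its default
        // truststore, which is the JRE's cacerts file unless the
        // javax.net.ssl.trustStore system property points elsewhere.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        int trustedCas = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                trustedCas += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        System.out.println("CA certs used to verify peers: " + trustedCas);

        // Keystore role: holds this side's own private key and certificate chain.
        // Constructed sample: an empty in-memory PKCS12 store, so this side has
        // no identity to present if the peer asks for a client certificate.
        char[] password = "changeit".toCharArray(); // placeholder password
        KeyStore identity = KeyStore.getInstance("PKCS12");
        identity.load(null, password);
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);
        System.out.println("Own key entries: " + countKeyEntries(identity));

        // Both feed one context: key managers prove who we are,
        // trust managers decide whether to believe the peer.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("Context ready: " + ctx.getProtocol());
    }
}
```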

53
votes

cacerts is where Java stores public certificates of root CAs. Java uses cacerts to authenticate the servers.

Keystore is where Java stores the private keys of the clients so that it can share it with the server when the server requests client authentication.

2
votes

Cacerts are details of trusted signing authorities who can issue certs. This is what most of the browsers have, due to which certs are determined to be authentic.

Keystore has your service-related certs to authenticate clients.

0
votes

Check your JAVA_HOME path, as the system looks for a java.policy file, which is located in JAVA_HOME/jre/lib/security. Your JAVA_HOME should always be ../JAVA/JDK.