SSL truststore vs identity store

April 03, 2018

A very common confusion we come across is the difference between a trust store and an identity store.

The main difference between them is how they are used.
Identity Store: holds the server's own certificate, the CA certificate chain, and the public/private key pair. Whenever a client asks the server to communicate over SSL, the server uses this store to present its SSL certificate to the client.

Trust Store: holds third-party root (CA) certificates or third-party server certificates. It is used to validate the certificates presented by third-party servers when communicating over SSL.


It is easiest to understand with a two-way SSL (mutual authentication) example:

1. The client initiates a request to the server.
2. The server responds by sending its certificate, taken from its identity store, to the client.
3. The client validates the server certificate against the trust store configured on the client.
4. The server now asks the client to send its certificate.
5. The client sends its certificate to the server.
6. The server validates the client's certificate against the trust store configured on the server.


Technically they can be the same; a single file can even be used for both. This is not recommended for security reasons: the trust store only needs public certificates and can be distributed freely, whereas the identity store contains the private key and should be exposed as little as possible.
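As an added example (not code from the original post), here is how the two stores are wired up on each side of the handshake above using Java's JSSE, with a separate identity store and trust store per party. The file names (server-identity.jks, server-trust.jks, client-identity.jks, client-trust.jks), port 8443 and the password changeit are placeholders.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;

public class TwoWaySslStores {
    // Loads a JKS keystore file; the same loader serves both roles, only the contents differ.
    static KeyStore loadStore(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }
    // identityPath: our private key + certificate chain (what we present, steps 2 and 5).
    // trustPath:    CA / peer certificates only (what we validate against, steps 3 and 6).
    static SSLContext buildContext(String identityPath, char[] identityPw, String trustPath, char[] trustPw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadStore(identityPath, identityPw), identityPw);   // assumes key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadStore(trustPath, trustPw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();   // placeholder password
        // Server side: presents server-identity.jks, checks clients against server-trust.jks.
        SSLContext serverCtx = buildContext("server-identity.jks", pw, "server-trust.jks", pw);
        SSLServerSocket server = (SSLServerSocket) serverCtx.getServerSocketFactory().createServerSocket(8443);
        server.setNeedClientAuth(true);   // step 4: require, not merely request, the client certificate
        Thread acceptor = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) server.accept()) {
                s.startHandshake();       // step 6 happens here, against server-trust.jks
            } catch (Exception e) { e.printStackTrace(); }
        });
        acceptor.start();
        // Client side: presents client-identity.jks, checks the server against client-trust.jks.
        SSLContext clientCtx = buildContext("client-identity.jks", pw, "client-trust.jks", pw);
        try (SSLSocket client = (SSLSocket) clientCtx.getSocketFactory().createSocket("localhost", 8443)) {
            SSLParameters p = client.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");   // also match the server cert to the hostname
            client.setSSLParameters(p);
            client.startHandshake();      // step 3 happens here; a failed validation throws SSLHandshakeException
            System.out.println("Client verified server: " + client.getSession().getPeerPrincipal());
        }
        acceptor.join();
        server.close();
    }
}
```

If either side's trust store lacks the CA that signed the peer's certificate, the corresponding startHandshake() fails, which is exactly the validation the post describes at steps 3 and 6.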
