Public Key Infrastructure (PKI)
TLS uses Public Key Infrastructure (PKI) to implement security. PKI uses keys, both public and private, to secure client and server communication. Public and private keys are mathematically related, but they are not the same. This means that a message encrypted with a public key can only be decrypted using the private key. Together, these keys are known as a key pair.
Certificates
Digital certificates are credentials that verify the identities of individuals, computers, and networks. They provide the link between a public key and a business that has been verified (signed) by a trusted third party, known as a certificate authority (CA). Digital certificates provide a convenient way to distribute trusted public encryption keys.
Keystores
Certificates and private keys are stored in Java keystores. Keystore entries are identified using an unique identifier, known as an alias. Often private keys and certificates, with their corresponding public key, are stored separately from those certificates received from other parties that you are using for trust purposes. This separate keystore is referred to as a truststore. A truststore contains certificates from parties that you expect to communicate with or from Certificate Authorities that you trust to identify other parties.