Easy Guide to SSL - All the terms you need to know

Feb 20, 2021 - Java

SSL Series - Table of Contents

Part 1 : Easy Guide to SSL - All the terms you need to know - [This article]


Terminology - Age old confusion 

Are you confused by terms like Certificate, Certificate Chain, KeyStore and TrustStore, and by formats like PKCS#12 and PEM? Did searching for this jargon confuse you even more? Don't worry: after reading through this article, you will never need to search again.
Let us understand what each of the above terms means. Think of the analogy of a student graduating from a college. In some countries, some colleges are affiliated to a university. When students graduate from their college, they are provided with a graduation certificate. This certificate acts as an artifact that other institutions can trust when the student continues with further studies.
The college needs to be certified by a university and hence maintains a certificate in its office. These certificates are often inspected by university authorities.
Finally, the university is controlled by a government education department; imagine that it, too, needs to be certified by that department.
This analogy is pretty similar to what we have in SSL communication. The student certificate is termed here as the Client Certificate. The certificate that the college has is termed the Intermediate Certificate. In the SSL world, there can be multiple colleges, so multiple Intermediate Certificates are possible.
The certificate that the university gets from the government department is the Root Certificate. The entire chain of certificates from university to student is termed the Certificate Chain.

KeyStore Vs TrustStore 

To understand the difference between a KeyStore and a TrustStore, first understand what a Store is. A Store is an archive, much like a safe, that holds security artifacts such as a Certificate, a Public/Private Key, a Chain of certificates, or all of them.
A KeyStore basically has all artifacts required to talk to a server. Often, servers ask for these artifacts before talking or before trusting the client.
A TrustStore has artifacts for a client to trust a server before talking to the server or before trusting the server. These are only conceptually different although we can use a single store for both.

Certificate Formats - PKCS#12, PFX, PEM, JKS etc 

PKCS#12 (.p12) and PEM (.pem) files can contain a certificate, certificate request, public key, private key or all of the above.
Public Key Cryptography Standards (PKCS) files are binary files. They are the newer format of .pfx files. #12 is the 12th version of the standard.
Privacy Enhanced Mail (PEM) files are a text-file alternative to the PKCS format. Since it's not easy to transfer binary files over all media (email, for instance), there was a need to manipulate security artifacts in an easier way. This is why the PEM format gained popularity.
Java Key Store (JKS) files are binary files similar to PKCS#12, created for Java-based systems.
.pem is a generic file extension. It is recommended to use .cer, .crt for a certificate and .key for public or private keys, although we can use .pem for all the artifacts.
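
To make the binary-versus-text point concrete, here is an added example (not code from the original article) that wraps binary bytes in PEM text, parses them back, and lists which artifacts a single .pem file holds. The function names and the sample bytes are assumptions made for illustration; the bytes are constructed placeholders, not real certificates or keys.

```python
import base64
import re

# PEM armor: -----BEGIN <label>-----, base64 body, -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)
# Labels that mean the file holds private key material.
PRIVATE_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
                  "ENCRYPTED PRIVATE KEY"}


def to_pem(label, der):
    """Wrap binary bytes in PEM text: base64, 64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines,
                      f"-----END {label}-----"]) + "\n"


def parse_pem(text):
    """Return (label, binary_bytes) for every PEM block in the text."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_BLOCK.findall(text)]


def inventory(text):
    """Summarise which artifacts a .pem file contains."""
    labels = [label for label, _ in parse_pem(text)]
    return {
        "labels": labels,
        "certificates": labels.count("CERTIFICATE"),
        "has_private_key": any(l in PRIVATE_LABELS for l in labels),
    }


# Constructed placeholder bytes, not real certificates or keys.
LEAF = b"\x30" + b"constructed leaf certificate bytes " * 3
INTERMEDIATE = b"\x30" + b"constructed intermediate certificate bytes " * 3
KEY = b"\x30" + b"constructed private key bytes " * 3

# One .pem file holding several artifacts, as the text above describes.
BUNDLE = (to_pem("CERTIFICATE", LEAF) + to_pem("CERTIFICATE", INTERMEDIATE)
          + to_pem("PRIVATE KEY", KEY))

if __name__ == "__main__":
    print(BUNDLE)
    print(inventory(BUNDLE))
```

Running an inventory like this before sharing a .pem file shows whether it carries a private key alongside the certificates, which the generic extension alone does not reveal.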

Sample .p12 file


Sample .pem file

That's all, folks! Happy coding.