Identity keystore:
This will be used to store the server certificate(private key/digital certificate pairs). When the client contacts server the digital certificate presented in this keystore will be sent.
Trust Keystore:
This will contain the certificates whom weblogic trust( ie root CA certificates like VeriSign,GoDaddy etc).When a client presents their certificate it checks the issuer of the certificate. If it is issued by CA whose certificate is in the trust store then the validation passes. otherwise weblogic detects it as an invalid certificate.
more details
http://one-size-doesnt-fit-all.blogspot.com/2009/09/weblogic-server-identity-vs-trust.html
Why do you need certificate. Just plain trust in enough.
ReplyDelete