There is no difference between keystore and truststore files. Both are files in the proprietary JKS file format. The distinction is in the use: To the best of my knowledge, Java will only use the store that is referenced by the -Djavax.net.ssl.trustStore
system property to look for certificates to trust when creating SSL connections. Same for keys and -Djavax.net.ssl.keyStore
. But in theory it's fine to use one and the same file for trust- and keystores.