jwalcorn
commented
4 years ago Yes, fixed this when I moved from the .jks format to the .12 (PKCS12) format. there's now a separate .p12 file for the keystore and the truststore.
Closed BarDweller closed 4 years ago
jwalcorn
commented
4 years ago Yes, fixed this when I moved from the .jks format to the .12 (PKCS12) format. there's now a separate .p12 file for the keystore and the truststore.
There should be a separation of keystore and truststore
Keystore is for private keys, used for signing stuff, or hosting https endpoints.
Truststore is for verifying stuff, jwts, or connecting to https endpoints.
Truststore should never contain private keys.
Portfolio probably only needs to be using a Truststore to validate JWTs with a public key. (And to trust the outbound calls for watson etc).