A key store is a file that contains public and private keys. Public keys are stored as signer certificates and are sent to the clients that request them. Private keys are stored in the personal certificates and are never sent to others.
A trust store is a file that contains public keys, which are stored as signer certificates from target servers whom you have deemed trustworthy. If the target uses a self-signed certificate, extract the public certificate from the server key store and add the extracted certificate into the trust store as a signer certificate. Otherwise, add the CA root certificate to your trust store.
A certificate is sent from the server to the client during SSL authentication to confirm the identity of the server. Certificates contain data such as the owner's name and email address, duration of validity, web site address, and certificate ID of the person who certifies or signs this information. Trusted parties called Certificate Authorities (CAs) issue digital certificates.
In SSL server authentication, the client prompts the server to prove its identity. The opposite occurs in client authentication, which is also supported through SSL, but not covered here. Client authentication is used when the server needs to send confidential financial information to a customer but wants to verify the identity of the recipient first.