Tags: java, cryptography, keystore, jks

Confused with different ssl certificates


I'm quite a noob when it comes to SSL certificates, and it's been making me go crazy for the last few days.

I can see there are so many file formats out there, such as .cer, .crt, .pem, .keystore, .jks, etc.

Can anyone specifically let me know when and in which context are they used?

What is a Java keystore, and what is a keystore?

Don't say that jks is used in the context of Java. I've also seen a .keystore file being used as well. :)

I know there are experts out there who'll find this question baseless and illogical, but believe me, it's really tough for a newbie to understand all these things.


Solution

  • To better understand what a keystore is and the different types of it, you need to know a little bit about asymmetric key pairs, symmetric keys and certificates.

    Asymmetric Key Pairs

    The asymmetric key pair is a combination of a public key, which can be shared publicly, and a private key, which should only be known to the owner of the key pair. This is the basic building block of public-key cryptography. In simple words, if you encrypt data with either the public key or the private key, you can decrypt the data with the other key.

    Symmetric Key (secret key)

    It is not a key pair, it is just one key. If you encrypt data with this key, you need the same key to decrypt.

    Certificate

    A certificate is issued by a Certificate Authority (CA) to a user. A user can be an individual, a server, a device, and a few other types. Basically, to request a certificate from a CA, the user first creates a key pair, then generates a PKCS10 (aka Certificate Signing Request) using the key pair, and sends this CSR to the CA. The CA then verifies the identity of the user and issues a certificate. A certificate is basically User Details + Public Key + Key Pair details. So, basically, a certificate is a digital identity of the user.


    Keystore

    Now, you might be thinking, where do I store all these? This is where the keystore comes in. A keystore is basically a file protected by a password, which stores all these different types of keys and certificates. The keys or certificates stored in a keystore are called entries. An entry like a key pair or a secret key can be protected by a password too. And there are a couple of types of keystore too.

    JKS

    The default type of keystore in Java (< 9) is called a Java Key Store (JKS). It can store key pairs and certificates, but cannot store the symmetric keys.

    JCEKS (Java Enhanced Key Store)

    This is the type of keystore that can store key pairs, certificates and symmetric keys.

    PKCS#12

    It is a different type of keystore. In terms of internet standard, it should contain only 1 key pair entry (although it can hold more), and the password of that key pair should be the same as the keystore's password.

    TrustStore

    It is a JKS. But when used in a particular context, it is called a truststore, and in other cases, it is called a keystore. You know a keystore can hold key pairs and certificates, but when a keystore contains only certificates, it is called a truststore. When you have a truststore, it is better not to add any key pair entries to it. The purpose of the truststore is to maintain all the certificates of the trusted CAs (e.g. cacerts in Java).


    Now, the answers to your questions:

    • You can name a jks file with a .jks extension, and also with a .keystore extension. It is better advised to maintain the extension, so that it gives an idea of what type of keystore it is. These extensions are not standards, but best practices:
      • JKS - .jks or .keystore or .truststore
      • PKCS12 - .p12 or .pkcs12
      • JCEKS - .jceks
      • Certificate - .crt or .cer or .pem or .cert
    • The format in which a certificate is stored in a file defines what type it is. If it is stored as binary data, it is said to be in DER format. When it is stored Base64-encoded, with a header (BEGIN CERTIFICATE) and a footer (END CERTIFICATE), it is said to be in PEM format.

    PS: These are not technical definitions, just statements that could be easily understood.
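The following is an added example written for this page, not code from the answerer above. It exercises three of the points in the answer with the JDK's own `java.security.KeyStore` API: that JKS cannot hold a symmetric key while JCEKS and PKCS12 can, that a truststore is just a keystore whose entries are all trusted certificates (the JDK's `cacerts` is used as the sample), and that DER and PEM are two encodings of the same certificate bytes. It assumes `cacerts` lives at `$JAVA_HOME/lib/security/cacerts` with the JDK's default password `changeit`; the `demo-password` and alias `aes-key` are constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.Collections;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyStoreTypesDemo {

    // Assumption: the JDK truststore at its standard location, with the default password.
    private static final Path CACERTS =
            Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
    private static final char[] TRUSTSTORE_PASSWORD = "changeit".toCharArray();

    // Constructed for this example: password used for the keystores the demo writes.
    private static final char[] DEMO_PASSWORD = "demo-password".toCharArray();

    /** Tries to store a symmetric AES key in an empty keystore of the given type. */
    static boolean canStoreSecretKey(String keystoreType) throws Exception {
        KeyStore ks = KeyStore.getInstance(keystoreType);
        ks.load(null, null);                                   // fresh, empty in-memory keystore
        SecretKey aesKey = KeyGenerator.getInstance("AES").generateKey();
        try {
            // The entry itself is password-protected, independently of the keystore password.
            ks.setEntry("aes-key", new KeyStore.SecretKeyEntry(aesKey),
                    new KeyStore.PasswordProtection(DEMO_PASSWORD));
            // Write it out so the on-disk format is exercised too, then clean up.
            Path file = Files.createTempFile("demo-", "." + keystoreType.toLowerCase());
            try (OutputStream out = Files.newOutputStream(file)) {
                ks.store(out, DEMO_PASSWORD);
            }
            Files.delete(file);
            return true;
        } catch (KeyStoreException e) {
            // JKS refuses non-private keys ("Cannot store non-PrivateKeys").
            return false;
        }
    }

    /** Loads cacerts, counts entry kinds, and returns one trusted CA certificate. */
    static Certificate describeTrustStore() throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(CACERTS)) {
            trust.load(in, TRUSTSTORE_PASSWORD);               // password also checks integrity
        }
        int trustedCerts = 0, keyEntries = 0;
        Certificate sample = null;
        for (String alias : Collections.list(trust.aliases())) {
            if (trust.isCertificateEntry(alias)) {             // TrustedCertificateEntry
                trustedCerts++;
                if (sample == null) sample = trust.getCertificate(alias);
            }
            if (trust.isKeyEntry(alias)) keyEntries++;         // PrivateKeyEntry / SecretKeyEntry
        }
        System.out.printf("%s: %d trusted-certificate entries, %d key entries%n",
                CACERTS, trustedCerts, keyEntries);
        return sample;
    }

    /** PEM is just Base64 of the DER bytes, 64 columns wide, between the two marker lines. */
    static String derToPem(byte[] der) {
        Base64.Encoder mime = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return "-----BEGIN CERTIFICATE-----\n" + mime.encodeToString(der)
                + "\n-----END CERTIFICATE-----\n";
    }

    /** Parses the same certificate from its DER and PEM encodings and compares the results. */
    static boolean sameCertificateFromDerAndPem(Certificate cert) throws Exception {
        byte[] der = cert.getEncoded();                        // binary ASN.1 (DER)
        byte[] pem = derToPem(der).getBytes(StandardCharsets.US_ASCII);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate fromDer = cf.generateCertificate(new ByteArrayInputStream(der));
        Certificate fromPem = cf.generateCertificate(new ByteArrayInputStream(pem));
        return fromDer.equals(fromPem);                        // equals() compares encoded bytes
    }

    public static void main(String[] args) throws Exception {
        for (String type : new String[] {"JKS", "JCEKS", "PKCS12"}) {
            System.out.printf("%-6s can hold a symmetric key: %b%n", type, canStoreSecretKey(type));
        }
        Certificate ca = describeTrustStore();
        System.out.println("DER and PEM parse to the same certificate: "
                + sameCertificateFromDerAndPem(ca));
    }
}
```

Run it with `javac KeyStoreTypesDemo.java && java KeyStoreTypesDemo`. On a stock JDK the first three lines report `false` for JKS and `true` for JCEKS and PKCS12, the cacerts line reports zero key entries (which is what makes it a truststore rather than a keystore), and the last line is `true` because `CertificateFactory` accepts either encoding and yields the same certificate. `KeyStore.getDefaultType()` is used deliberately so the same code reads a JKS-format cacerts on Java 8 and the PKCS12-format one on newer releases.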