1
donuts
3y

Correct me if I'm wrong, but my understanding of a Keystore file is that it is like a password database for app(s) that need to connect to other servers over the network.

How though does each component inside the app know which entry to use from the file?

Comments
  • 0
    Yes.

    Objects / credentials stored in the keystore have names.
  • 0
    @sbiewald but I don't think the names are ever referred to in the code?

    Seems like if an app connects to Server A, opens a Mongo connection against B, or connects to SQL DB on C, somehow it just knows which certs to send for each?
  • 0
    @rEaL-jAsE well, mostly theoretical on how it is supposed to work, as I couldn't find any code examples online using multiple certs in a single app.

    The main usage I know of in our code is to set HTTP SSL config properties. But I don't know how the other keys are used.
  • 1
    @donuts The docs have some examples: https://docs.oracle.com/javase/7/...

    Of course an imaginary database connection class will likely require a private key object and not how this key is named in the keystore - instead you have some code that will know the name (constant, configuration name, ...) and load the object from the keystore which is then passed to the database connection class (constructor, dependency injection etc.).
  • 0
    In case of Oracle's MySQL connector, you don't even manually have to read the keystore, simply place a certificate with the name "mysqlclient" and the connector should get the hint by itself - at least the documentation indicates this.
    I assume other connectors have "well known" names as well.

    https://dev.mysql.com/doc/... after "Setting up Client Authentication"
  • 0
    @sbiewald the example looks familiar for our Mongo connector though can't remember the exact args
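The pattern described in the comments (code or configuration knows the entry name, loads that object from the keystore, and hands it to the connection) can be sketched as follows. This is an added example, not code from any poster or from the linked documentation. The alias names `mongo-client` and `server-a-client`, the `KEYSTORE_PASSWORD` environment variable and the keystore path argument are assumptions, as is a PKCS12 keystore whose key entries use the store password.

```java
import java.io.File;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class AliasPerConnection {

    // Copies one named private-key entry from the shared keystore into an
    // in-memory keystore, so this TLS context can only present that identity.
    static SSLContext contextFor(KeyStore shared, String alias, char[] password)
            throws Exception {
        if (!shared.isKeyEntry(alias)) {
            throw new IllegalArgumentException("no private-key entry named " + alias);
        }
        Key key = shared.getKey(alias, password);
        Certificate[] chain = shared.getCertificateChain(alias);

        KeyStore single = KeyStore.getInstance("PKCS12");
        single.load(null, null); // start empty, never written to disk
        single.setKeyEntry(alias, key, password, chain);

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(single, password);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null = default trust store and RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String env = System.getenv("KEYSTORE_PASSWORD"); // assumed variable name
        if (args.length != 1 || env == null) {
            System.err.println("usage: KEYSTORE_PASSWORD=... java AliasPerConnection <keystore.p12>");
            System.exit(2);
        }
        char[] password = env.toCharArray();
        KeyStore shared = KeyStore.getInstance(new File(args[0]), password);
        System.out.println("entries: " + Collections.list(shared.aliases()));

        // Hypothetical aliases; in practice these come from constants or config.
        SSLContext mongoTls = contextFor(shared, "mongo-client", password);
        SSLContext serverATls = contextFor(shared, "server-a-client", password);
        System.out.println("built " + mongoTls.getProtocol() + " contexts for both aliases");
        // Each context (or its getSocketFactory()) is then passed to its connector.
    }
}
```

When the whole keystore is given to a single default key manager instead, the JSSE implementation picks an entry during the handshake from the key types and issuers the server requests, which is why the alias often never appears in application code.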