Question

When creating an SSL connection using Java, we first initialize an SSLContext with our KeyStores and TrustStores. SSLContext in javax.net.ssl has a method called createSSLEngine() to create an SSLEngine. So when creating a session for the connection, the created SSLEngine will be used. My question is: at which point of the SSL protocol are the KeyManagers and TrustManagers from the KeyStores and TrustStores used?

Thanks in advance.


Solution

During the SSL handshake while establishing mutual trust and authenticity and creating an SSL session.

As to your second question, the standard JSSE trust manager considers a certificate chain trusted if at least one cert in the chain is trusted. It does not have to be the root cert. If you are absolutely sure that you have to establish validity and authenticity of the root cert, you should implement a custom TrustManager and use it instead of the default implementation.
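One way to write the custom TrustManager the answer suggests (an added example, not part of the original answer): it runs the default JSSE check first, then requires that the presented chain ends at, or is directly issued by, a caller-supplied root. The class name `RootPinningTrustManager`, the `requiredRoot` parameter and the `newEngine` helper are assumptions, and the chain is assumed to arrive leaf-first.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

/** Hypothetical example: default JSSE validation plus a mandatory root check. */
public final class RootPinningTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;      // the standard JSSE trust manager
    private final X509Certificate requiredRoot;   // assumption: supplied by the caller

    public RootPinningTrustManager(KeyStore trustStore, X509Certificate requiredRoot) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        this.delegate = found;
        this.requiredRoot = requiredRoot;
    }
    // Both methods are invoked by JSSE during the handshake, when the peer's certificates arrive.
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType);   // passes if any cert in the chain is trusted
        requireRoot(chain);                             // extra: the chain must reach our root
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
        requireRoot(chain);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    private void requireRoot(X509Certificate[] chain) throws CertificateException {
        X509Certificate last = chain[chain.length - 1];  // delegate already rejected null/empty chains
        if (last.equals(requiredRoot)) return;           // peer sent the root itself
        if (!last.getIssuerX500Principal().equals(requiredRoot.getSubjectX500Principal()))
            throw new CertificateException("chain does not terminate at the required root");
        try {
            last.verify(requiredRoot.getPublicKey());    // signature must verify under the root's key
        } catch (GeneralSecurityException e) {
            throw new CertificateException("chain is not signed by the required root", e);
        }
    }
    /** Wiring: the trust manager is handed to SSLContext.init() and consulted once the engine handshakes. */
    public static SSLEngine newEngine(KeyManager[] keyManagers, KeyStore trustStore, X509Certificate root) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, new TrustManager[] { new RootPinningTrustManager(trustStore, root) }, null);
        return ctx.createSSLEngine();
    }
}
```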

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow