Keystores allow you to manage the keys that are stored in a database. A keystore must contain a key pair with a certificate signed by a trusted Certificate Authority (CA). A CA is an entity trusted by all parties participating in a secure communication. This entity will certify the trusted party's public keys by signing them. Since the certificate authority is a trusted one, it will accept the public key certificates signed by that particular CA as trusted. See Setting Up Keystores for a Client and a Service.
You an also set up a keystore using XML configuration. See Configuring Keystores.