SSL


A key store contains the personal certificates that can be used as the identity for the SSL end point referencing the key store. If more than one certificate is present, a certificate alias on the SSL configuration specifies one of the personal certificates. When an SSL connection is made (on either the client or the server side), certificates may be exchanged. The personal certificate referenced by the SSL configuration and stored in the key store is the certificate that will be used.

A personal certificate represents the identity of the end point and contains a public and private key for signing/encrypting data.

A trust store contains the signer certificates which this end point trusts when either making connections (from an outbound end point) or accepting connections (for an inbound end point).

A signer certificate represents a certificate and public key associated with some personal certificate. The purpose of the signer certificate is to verify personal certificates. By accepting the signer certificate into an end point's trust store, you are allowing the owner of the private key to establish connections with this end point; that is, the signer certificate explicitly trusts connections made to or by the owner of the associated personal certificate. The signer certificate is typically made completely public by the owner of the personal certificate, but it is up to the receiving entity to determine whether it is a trusted signer before adding it to the trust store.
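The following is an added example, not code from the original page or from any product it describes: it shows how a Java end point can pin the personal certificate named by an alias and take its trusted signers only from a separate trust store. The class and method names, the PKCS12 store format, the environment variable names, and the assumption that the key entry shares the store password are all choices made for this illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class SslEndpointConfig { // hypothetical class name
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12"); // assumed store format
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }
    // Copy only the personal certificate (private key plus chain) named by the
    // alias, so the end point can present no other identity from the key store.
    static KeyStore selectIdentity(KeyStore keyStore, String alias, char[] password) throws Exception {
        if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            throw new IllegalArgumentException("no personal certificate under alias: " + alias);
        }
        KeyStore identity = KeyStore.getInstance("PKCS12");
        identity.load(null, null); // start from an empty in-memory store
        identity.setKeyEntry(alias, keyStore.getKey(alias, password), password,
                keyStore.getCertificateChain(alias));
        return identity;
    }

    static SSLContext build(KeyStore keyStore, String alias, char[] keyPassword,
                            KeyStore trustStore) throws Exception {
        boolean hasSigner = false; // refuse a trust store with no signer certificates
        for (String a : Collections.list(trustStore.aliases())) {
            hasSigner |= trustStore.isCertificateEntry(a);
        }
        if (!hasSigner) throw new IllegalStateException("trust store has no signer certificates");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(selectIdentity(keyStore, alias, keyPassword), keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }
    public static void main(String[] args) throws Exception {
        // Usage: java SslEndpointConfig <keyStore.p12> <alias> <trustStore.p12>
        char[] keyPw = System.getenv("KEY_STORE_PASSWORD").toCharArray();     // assumed variable name
        char[] trustPw = System.getenv("TRUST_STORE_PASSWORD").toCharArray(); // assumed variable name
        System.out.println(build(load(args[0], keyPw), args[1], keyPw, load(args[2], trustPw)).getProtocol());
    }
}
```

The same `SSLContext` serves an inbound or an outbound end point; an alias that names a signer certificate rather than a personal certificate is rejected before any connection is attempted.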
