The User Key Store is associated with the server side of the client-server relationship. This store holds certificates, each with its public and private keys. In addition, this store contains the self-signed certificate initially created when you launched Workbench or booted the platform for the first time.

The User and System Trust Stores are associated with the client side of the client-server relationship. The System Trust Store comes pre-populated with standard public certificates: root CA certificates from well-known Certificate Authorities, such as VeriSign, Thawte and Digicert. The User Trust Store holds root CA and intermediate certificates for companies who serve as their own certificate authority.

The Allowed Hosts list contains server certificate(s) for which no trusted root CA certificate exists in the client’s System or User Trust Stores, but the server certificates have been approved for use anyway. This includes servers for which the host name of the server is not the same as the Common Name in the server certificate. You approve the use of these certificates on an individual basis. While communication is secure, it is better to use signed server certificates.