Minor Description
The keystore model and UI should expose subject alternative names (SANs) to help operators trying to diagnose TLS certificate problems.
Also for the FileTrustStore the model does not make it clear which of the certificates contained within will be used to identify the TLS server (you just have to know that it is the certificate identified by the alias, or the first certificate in the store).