I have made a client-server system using Java Sockets before. I'm working on another project now with clients and a server and this time I want to use an encrypted connection using JSSE.

I have been researching with Google finding out how SSL works and I found this tutorial very useful: Using JSSE for secure socket communication
It explains how to use Keytool to generate public-private keys and how to create an SSLSocket.

In this tutorial it appears all the clients have the same key-pair and these are stored as files that the client needs access to: the servers public key and the clients own public and private key. In my system I want anyone to be able to download my client app and create an account and log in. My concern is if all the clients have the same key-pair then anyone can download the client and see what it's private key is which means the private key is no longer private. That sounds like a big problem to me but please correct me if I am wrong.

I was thinking the fix would be for the clients to generate their own key-pairs, tell the server its public key and then start the encrypted connection. Please can someone tell me how clients should generate keys for this purpose? And would I be right in thinking the server would need to use a TrustStore to keep track of each clients public key?

And of course if anyone has any other suggestions I would be happy to hear them :-)