Keystores allow you to manage the keys that are stored in a database. A Keystore must contain a key pair with a certificate signed by a trusted Certification Authority (CA). A CA is an entity trusted by all parties participating in a secure communication. This entity will certify the trusted party's public keys by signing them. Since the certificate authority is trusted, it will accept the public key certificates signed by that particular CA as trusted. See Setting Up Keystores for a Client and a Service.
The main reasons for WSO2 keystore management UI, is to provide a UI and API to manage keystores. In Carbon servers, these APIs are mainly used for applying web service security. This UI helps users to add keystores that can be used for WS-Security scenarios. When you are applying ws-security for web services using the management console, you can select a keystores for encryption/signing processes out of these uploaded keystores. This UI also helps you to manage certificates within keystores. Using the UI, you can view the content of the primary keystore of Carbon Server.
Apart from that, all the functions of keystore management UI have been exposed via APIs (also web service API). As a result, if you are writing some custom extension to the Carbon servers (such as, ESB mediators) you can directly access these keystores using API. This helps you to manage keystores hiding a under line complexity. Basically you can use this web service API for third party applications to manage their keystores.