Is there a way to load a different cacerts than the one specified in the java_home/jre/lib/security folder?
I have a single installation of java in a system that runs 2 or 3 applications.
All the applications use the same runtime.
Is there a way to specify a different keystores for the ca certs than the one in java_home/jre/lib/security. That is, is there an option to specify an "extra" keystore that is loaded and added to the certs loaded from java_home/jre/lib/security/cacerts?
What I want to avoid is having to re-import our local ca every time I upgrade the jdk in the box.
Answer
I think you want to specify the truststore:
java -Djavax.net.ssl.trustStore=/home/gene/mycacerts ...
Or if you are using certs through JSSE (you probably are), you can copy your truststore to jssecacerts in the $JAVA_HOME/jre/lib/security/ directory (although you'd still have to do that each time a JDK got installed/reinstalled). Sun's JSSE looks for $JAVA_HOME/jre/lib/security/jssecacerts before $JAVA_HOME/jre/lib/security/cacerts.
See http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager