The cacerts Certificates File
A certificates file named cacerts resides in the security properties directory, java.home\lib\security, where java.home is the runtime environment directory (the jre directory in the SDK or the top-level directory of the Java™ 2 Runtime Environment).
The cacerts file represents a system-wide keystore with CA certificates.
System administrators can configure and manage that file using keytool, specifying
jks as the keystore type. The cacerts keystore file
ships with several root CA certificates. The initial password of the cacerts
keystore file is
changeit
. System administrators should change that password and
the default access permission of that file when installing the SDK. Important: Verify
your cacerts file. Since you trust the CAs in the cacerts
file as entities for signing and issuing certificates to other entities, you must manage the
cacerts file carefully. The cacerts file should contain
only certificates of the CAs you trust. It is your responsibility to verify the trusted root CA
certificates bundled in the cacerts file and make your own trust decisions. To
remove an untrusted CA certificate from the cacerts file, use the
delete option of the keytool command. You can find the
cacerts file in the runtime environment installation directory. Contact your
system administrator if you do not have permission to edit this file.