Managing SSL certificates for various JVMs on Debian Squeeze

In case of the Sun/Oracle JVM (JRE/JDK) the SSL certificates are store in this keystore: /etc/java-6-sun/security/cacerts. To update it, use the keytool utility that comes with the JRE/JDK.

Eg.
keytool -importcert -alias mycacert -file mycacert.pem -trustcacerts -noprompt -storepass changeit -keystore /etc/java-6-sun/security/cacerts

As you can see from the example, the default keystore password is "changeit".
To verify whether the certificate is actually in the keystore:
keytool -list -alias mycacert -noprompt -storepass changeit -keystore /etc/java-6-sun/security/cacerts

If you use OpenJDK, it's quite a bit different though. Install the ca-certificates-java package, put your certificate file into /usr/local/share/ca-certificates with a .crt extension and run update-ca-certificates. The keystore to check/verify is this time here: /etc/ssl/certs/java/cacerts.