$JAVA_HOME/jre/lib/security/cacertsfile, and you can invoke Java with
-Djavax.net.ssl.keyStore=/path/to/keystore. Both of these approaches are great at first, but they don't scale well. Do you really want to pollute every SSL socket in your JVM (HTTP, LDAP, JDBC, RMI, etc...) with those system-wide changes? Commons-SSL let's you control the SSL options you need in an natural way for each SSLSocketFactory, and those options won't bleed into the rest of your system.
any comments or whitespace up here are ignored -----BEGIN TYPE----- [...base64....] -----END TYPE----- any comments or whitespace down here are also ignored