Hi, SSL/TLS experts A bug was recently filed at
https://bugs.openjdk.java.net/browse/JDK-8059818 The reporter requests for keytool -importcert to pre-trust certs in jre/lib/security/jssecacerts. The command only recognizes jre/lib/security/cacerts now. It is always possible to import a private CA into a user's keystore (where the client side private key is stored) and then import a cert into there without any prompt. However, if you think testing an extra keystore (like jssecacerts) has its own benefit, I will add the support. Thanks Max
