We need to have ca certificate in der format, so if we have a my-ca.crt pem format ca certificate we need to convert it using:
openssl x509 -in my-ca.crt -inform pem -out my-ca.der -outform der
So to have list of already added certificates to jdk cacerts, we can use:
keytool -v -list -keystore /usr/lib/jvm/java/jre/lib/security/cacerts
default keystore password is: changeit
Keystore path could be different (es: /etc/pki/java/cacerts).
To import ca certificate use:
keytool -importcert -alias local-CA -keystore /usr/lib/jvm/java/jre/lib/security/cacerts -file my-ca.der