How to trust a certificate in Java on Mac OS X

Yesterday, Apple released an update to Java for OS X. I had trusted a self-signed cert with my old Java installation, and it stopped working with the update, so I had to figure out how to add it again. It’s not very hard, but kind of tricky to figure out, so here you have it.

First, export the cert using a web browser or whatever. I used Firefox, because it is easy, and I couldn’t figure out how to do it in Chrome. You should end up with a simple PEM-encoded file. Then here’s how you import it:

$ cd /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security
$ sudo cp cacerts cacerts.orig
$ sudo keytool -importcert -file your_cert_file_here -keystore cacerts

You’ll be prompted to trust it, then you are done.

Update:
In recent versions of OS X (at least 10.9 and 10.10), you can use this command to find your Java home:

$ /usr/libexec/java_home

…then, the cacerts file is located under there, in jre/lib/security.

Also, as Evan T pointed out in the comments, the password is “changeit”. This is pretty much universal for all JVMs I’ve used (including Linux/Windows).

And one more thing. It’s a good idea to specify a -alias parameter when adding the certificate. Otherwise it gets added under the alias “mykey”, and if you then try to add another one, you get an error, since it’s trying to add another “mykey”.
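
The steps above collected into one script, as an added example that is not part of the original post: it finds cacerts under the Java home, refuses an alias that is already taken, prints the certificate's fingerprints so they can be checked before keytool's trust prompt, and imports under the given alias. The function names, the STOREPASS variable and the lib/security fallback (the Java 9+ layout, which goes beyond the paths named above) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: import a PEM certificate into a JVM's cacerts under a named alias.
STOREPASS="${STOREPASS:-changeit}"   # default keystore password, as stated above

# Print the cacerts path under a Java home. jre/lib/security is the layout
# described above; lib/security is the layout used by Java 9 and later.
find_cacerts() {
    local home="$1" rel
    for rel in jre/lib/security lib/security; do
        if [ -f "$home/$rel/cacerts" ]; then
            printf '%s\n' "$home/$rel/cacerts"
            return 0
        fi
    done
    return 1
}

# trust_cert CERT_FILE ALIAS [JAVA_HOME]
trust_cert() {
    local cert="$1" cert_alias="$2" home="${3:-}" store
    if [ -z "$home" ]; then
        home="$(/usr/libexec/java_home 2>/dev/null)" || home="${JAVA_HOME:-}"
    fi
    store="$(find_cacerts "$home")" || { echo "no cacerts under '$home'" >&2; return 1; }

    # Refuse to reuse an alias instead of letting the import fail on a duplicate.
    if keytool -list -keystore "$store" -storepass "$STOREPASS" -alias "$cert_alias" >/dev/null 2>&1; then
        echo "alias '$cert_alias' already exists in $store" >&2
        return 2
    fi

    # Show subject and fingerprints so they can be compared with the server's
    # certificate before answering keytool's trust prompt.
    keytool -printcert -file "$cert" || return 1

    # Keep a one-time backup of the original keystore, then import.
    [ -f "$store.orig" ] || sudo cp -p "$store" "$store.orig" || return 1
    sudo keytool -importcert -file "$cert" -alias "$cert_alias" \
        -keystore "$store" -storepass "$STOREPASS" || return 1

    # Confirm the new entry is present under the chosen alias.
    keytool -list -keystore "$store" -storepass "$STOREPASS" -alias "$cert_alias"
}

# Run only when called with arguments: ./trust_cert.sh server.pem my-server
if [ "$#" -ge 2 ]; then
    trust_cert "$@"
fi
```

Compare the printed SHA-256 fingerprint with the one the browser shows for the same certificate before answering yes; a Java update that replaces cacerts means running the import again.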
