From each user point of view, there are
2 Java certificate keystore files on a Windows system:
1. System-Level Signer CA Certificates Keystore:
Location: "\Program Files\java\jre7\lib\security\cacerts"
Contents: All signer CA certificates known at the time of Java release
2. User-Level Trusted Certificates Keystore
Contents: Empty by default
You can manage both keystore files either with "Java Control Panel" interface,
or with "keytool" commands.