Which trusted root certificates are included in Java?
Go to the "Java Control Panel", "Secure" tab and click on "Certificates". Go to "System" tab and select "Secure CA" or "Secure Sites CA" from the drop down.
IIRC, the certificates are stored in a Java serialised file in jre/lib/security/cacerts
. This is a standard Java keystore that can be manipulated with the keytool utility:
keytool -keystore "$JAVA_HOME\jre\lib\security\cacerts" -storepass changeit -list
I believe Mac OS X now uses the OS to handle certificates.
Although the Oracle JRE (formerly the Sun JRE) comes with a range of certificates as Tom mentioned, on Windows the JRE will also use certificates associated with the current browser by default for applets and Web Start apps (as long as you're using "Internet Explorer 5.0 or higher or Mozilla 1.4 or higher").
It should "just work" if you want to do signature signing verification, HTTPS server authentication or HTTPS client authentication (e.g. signing Web Start applications with a corporate certificate that has already been installed on your machine). For more complicated use cases you might find this document more helpful.