Here is how to enumerate and verify the validity of the certificates in a given JVM trust database:

From the java/jre/lib/security directory issue the following command:

	java/bin/keytool -list -v ./cacerts

It will output all of the certificates installed in the Java certificate database.  Here is an example:

Alias name: gtecybertrust5ca
Creation date: May 10, 2002
Entry type: trustedCertEntry

Owner: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corp
Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Cor
Serial number: 1b6
Valid from: Fri Aug 14 07:50:00 PDT 1998 until: Wed Aug 14 16:59:00 PDT 2013
Certificate fingerprints:
         MD5:  7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
         SHA1: 47:C5:4C:BC:DA:5D:76:CE:62:88:38:11:AC:11:66:5D:55:F4:2C:00


In the event a CA certificate is no longer valid an updated certificate can be received from the authority and placed into the certificate database. Here is the basic process:

1: Get updated valid certificates from the CA. For example updated Verisign certificates can be downloaded here -> http://www.verisign.com/support/roots.html

2: Remove the expired certificates:

	java/bin/keytool -delete -alias CERTIFICATENAME -keystore ./cacerts

3: Import the new certificates:

	java/bin/keytool -import -alias NEWCERTNAME -file /PATH/TO/DOWNLOADEDCERT -keystore ./cacerts

	When prompted respond "YES" to trust this certificate.