You can also consult readlink -f "which java". However it might not work for all binary wrappers. It is most likely better to actually start a Java class.
Under Linux, to find the location of $JAVA_HOME:
readlink -f /usr/bin/java | sed "s:bin/java::"
the cacerts are under lib/security/cacerts:
$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts
Under mac OS X , to find $JAVA_HOME run:
/usr/libexec/java_home
the cacerts are under Home/lib/security/cacerts:
$(/usr/libexec/java_home)/lib/security/cacerts
UPDATE (OS X with JDK)
above code was tested on computer without JDK installed. With JDK installed, as pR0Ps said, it's at
$(/usr/libexec/java_home)/jre/lib/security/cacerts
If you need to access those certs programmatically it is best to not use the file at all, but access it via the trust manager. The following code is from a OpenJDK Test case (which makes sure the built cacerts collection is not empty):
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance("PKIX");
trustManagerFactory.init((KeyStore) null);
TrustManager[] trustManagers =
trustManagerFactory.getTrustManagers();
X509TrustManager trustManager =
(X509TrustManager) trustManagers[0];
X509Certificate[] acceptedIssuers =
trustManager.getAcceptedIssuers();
So you don’t have to deal with file location or keystore password.
In MacOS Mojave, the location is:
/Library/Java/JavaVirtualMachines/jdk1.8.0_192.jdk/Contents/Home/jre/lib/security/cacerts
If using sdkman to manage java versions, the cacerts is in
~/.sdkman/candidates/java/current/jre/lib/security
In High Sierra, the cacerts is located at : /Library/Java/JavaVirtualMachines/jdk1.8.0_25.jdk/Contents/Home/jre/lib/security/cacerts
As of OS X 10.10.1 (Yosemite), the location of the cacerts file has been changed to
$(/usr/libexec/java_home)/jre/lib/security/cacerts
Source: Stackoverflow.com