We load our institutional CA into the Java keystore for LDAP connections. After a recent Java upgrade, that CA was not loaded automatically and it looks like the keystore that we had loaded it into was replaced.

Is there some blessed way to load CA certs into the keystore so that they are kept around even on upgrades?

Running SLES 12 at the moment. Thanks!