Use "keytool" to add certificates for external components or applications:
The vApp's Java keystore located:
/opt/CA/java/jre/lib/security/cacerts
has write privileges for user config.
By using Java's "keytool" command, you should be able to add certificates to the keystore.
You can read more about the keytool command at various links:
docs.oracle.com keytool
Import the certificate to the keystore.
keytool -importcert -keystore /opt/CA/java/jre/lib/security/cacerts -file <path to certificate>
you can optionally add alias:
-alias <alias for certificate>