Can I safely re-use a java keystore file (jre/lib/security/cacerts) between any 'minor releases' and across all vendor-implementations (e.g: oracle/ibm/openjdk)?
I.e. :Will a 'cacerts file' for Oracle Java 1.8.x work with an IBM Java 1.8.y?
What about across releases, will the format always change between major java releases?
Do any exceptions exist (i.e. 'cacerts' format did not change between Java 1.x and 1.y, but changed in 1.z)
The cacerts formats are similar between Oracle and IBM JDK. However the content is not same. Each JDK implementation acquire the certificates from the vendors separately and there can be legal implications using the cacerts between vendors. Also, the certificate exist with one implementation need not exist with another one.
The cacerts are updated even between minor versions and hence it is recommended to use the cacerts released with the JDK build.