Tags: java, ssl, apache-commons-net, ftps

Using Apache-Commons-net to add a self signed SSL certificate


I'm using Apache Commons Net FTPSClient to build an FTPS plugin for my web application. A user can use my application and connect to his/her FTPS server and pull files into my application, which does some functionality with those files. If the user is using a self-signed certificate, I am reading that Java causes issues which can be resolved in a few ways, as answered here by @dave_thompson_085. I cannot change my JRE trustStore since my application is hosted on servers that I don't have access to. The last option: "code your own truststore. Create a java.security.KeyStore and load it with data containing your cert, then create a real javax.net.ssl.TrustManager and .init it with your keystore; then use that TrustManager in your SSLContext." I'm not sure I understand what this means. Does this again involve changing the keystore and require the JRE to pick up these changes? Also, is there an explicit method in the library to add a certificate file? Where do I add the certificate file for Java or the library to verify in the first place?


Solution

  • To answer your question directly, no, you're not editing the cacerts file directly via the command line or keytool or anything like that. This method refers to creating an object instance of KeyStore or JKS, so the JRE doesn't pick up any changes; you're doing this within the code and then using a trust manager init'd with the keystore you've created to connect via SSL. Loosely speaking, you're overriding the default keystore, which is the cacerts file, programmatically in order to avoid changing the flat file outright.

    There are explicit methods to add files to Keystores.

    Add the cert to the KeyStore instance.

    You might want to check out BouncyCastle's library. It's really, really great for what you're trying to do. Maybe even a little overkill, but really great.
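The following is an added example of the approach the answer describes; it is not code from the answer or from Apache Commons Net itself. It reads the user's uploaded certificate file, puts it into an in-memory KeyStore, builds an X509TrustManager from that keystore, and hands it to FTPSClient via setTrustManager(), so the JRE's cacerts file is never touched. The file path, host, port, user and password are assumed placeholders passed on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;

/** Example (not part of the original answer): trust one user-supplied certificate for an FTPS connection. */
public class SelfSignedFtpsExample {

    /**
     * Build an X509TrustManager that trusts only the certificate in certPath
     * (PEM or DER X.509). Nothing is written to cacerts or to any file.
     */
    static X509TrustManager trustManagerFor(String certPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert;
        try (InputStream in = new FileInputStream(certPath)) {
            cert = (X509Certificate) cf.generateCertificate(in);
        }

        // Start from an empty in-memory keystore and add the cert as a trusted entry.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                       // null stream = empty keystore
        ks.setCertificateEntry("user-ftps-server", cert);

        // Let the platform's trust manager do chain validation against that one cert.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available from " + tmf.getAlgorithm());
    }

    public static void main(String[] args) throws Exception {
        // Placeholder arguments: <cert-file> <host> <port> <user> <password>
        String certPath = args[0];
        String host = args[1];
        int port = Integer.parseInt(args[2]);
        String user = args[3];
        String password = args[4];

        FTPSClient ftps = new FTPSClient();       // explicit FTPS (AUTH TLS) by default
        ftps.setTrustManager(trustManagerFor(certPath));

        ftps.connect(host, port);
        if (!FTPReply.isPositiveCompletion(ftps.getReplyCode())) {
            ftps.disconnect();
            throw new IllegalStateException("server refused connection: " + ftps.getReplyString());
        }
        try {
            if (!ftps.login(user, password)) {
                throw new IllegalStateException("login failed: " + ftps.getReplyString());
            }
            // Protect the data channel as well, not only the control channel.
            ftps.execPBSZ(0);
            ftps.execPROT("P");
            ftps.enterLocalPassiveMode();

            for (String name : ftps.listNames()) {
                System.out.println(name);
            }
            ftps.logout();
        } finally {
            ftps.disconnect();
        }
    }
}
```

Two practical notes. First, because the trust manager is initialised with a keystore containing only the user's certificate, the connection succeeds only if the server presents that exact certificate (or one issued by it); when the user rotates the server certificate they must upload the new file, which is the intended behaviour for a pinned self-signed cert. Second, a self-signed certificate often has no hostname in its subject or SAN; recent Commons Net versions can additionally verify the hostname (FTPSClient.setEndpointCheckingEnabled), so decide explicitly whether to keep that check, rather than discovering it as an unexpected handshake failure.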