- Enhancement
- Resolution: Duplicate
- Major
Currently certificate key/value pairs can be created automatically via the `service.alpha.openshift.io/serving-cert-secret-name` annotation. These certificates can then be consumed by client pods via the `/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt` file. For pods executing Java applications that require encryption, it's necessary for each pod to import said file using keytool (either in a local truststore or system-wide via `$JAVA_HOME/jre/lib/security/cacerts`).
As many users will be creating client applications within their projects to consume middleware services, we should automate the importing of `service-ca.crt` into the JRE `cacerts` as part of the OpenJDK base image.
An example use case is client pods consuming the JDG caching service (where encryption is enabled by default).
- is duplicated by: CLOUD-2689 Add /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt to default system/java truststore by default at startup (Closed)
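A sketch of the startup import the description asks for, written here as an added example and not taken from the OpenJDK image or this ticket. It copies `cacerts` to a writable local truststore and imports every certificate in the bundle under its own alias, since keytool adds one trusted entry per `-importcert` call. The function names, the `/tmp/truststore.jks` location and the `--import` switch are assumptions; `changeit` is the stock `cacerts` password.

```shell
#!/bin/sh
# Added example; only the service-ca.crt and cacerts paths come from the ticket.
SERVICE_CA=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt

# Split PEM bundle $1 into $2/ca-N.pem, one certificate per file; prints N.
split_pem_bundle() (
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/ca-" n ".pem" }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { if (f != "") close(f); f = "" }
        END                           { print n + 0 }
    ' "$1"
)

# Import bundle $1 into a private copy of cacerts at $2; prints the store path.
# Prints nothing and succeeds when the pod has no service CA mounted.
import_service_ca() (
    bundle=${1:-$SERVICE_CA}
    store=${2:-/tmp/truststore.jks}   # hypothetical location, writable by any UID
    if [ ! -r "$bundle" ]; then
        echo "service CA not found at $bundle, truststore left untouched" >&2
        exit 0
    fi
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    # cacerts is usually read-only; the copy must be writable for keytool.
    cp "$JAVA_HOME/jre/lib/security/cacerts" "$store" || exit 1
    chmod 600 "$store" || exit 1
    count=$(split_pem_bundle "$bundle" "$tmp")
    [ "$count" -gt 0 ] || { echo "no certificates in $bundle" >&2; exit 1; }
    i=1
    while [ "$i" -le "$count" ]; do
        keytool -importcert -noprompt -trustcacerts -alias "service-ca-$i" \
            -file "$tmp/ca-$i.pem" -keystore "$store" -storepass changeit \
            >&2 || exit 1
        i=$((i + 1))
    done
    echo "$store"
)

# Entrypoint use (assumed): import-ca.sh --import java -jar app.jar
if [ "${1:-}" = "--import" ]; then
    shift
    store=$(import_service_ca) || exit 1
    [ -n "$store" ] && export JAVA_TOOL_OPTIONS="-Djavax.net.ssl.trustStore=$store"
    exec "$@"
fi
```

Using a private copy rather than editing `$JAVA_HOME/jre/lib/security/cacerts` in place keeps the import working when the container runs as a non-root UID.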