The Java ME Platform SDK command line tools described in Manage Certificates (MEKeyTool) manage the emulator’s list of root certificates.
Real devices have similar lists of root certificates, although you typically cannot modify them. When you deploy your application on a real device, you must use signing keys issued by a certificate authority whose root certificate is present on the device. This makes it possible for the device to verify your application.
Each emulator instance has its own _main.ks file located in its appdb directory.
The micro keystore, _main.mks resides in the following directory.
This directory also contains keystore.ks and serverkeystore.ks. You can use the -import option to import certificates from these keystores as described in Manage Certificates (MEKeyTool).