Set JRE to use Windows trust store, specifically the user's trust store

A keystore of type Windows-ROOT should work -- it should access the TrustedRootCAs portion (line in MMC/certmgr.msc, tab in inetopt.cpl) of the store for the current user. On my system, which is 8.1 Home with UAC at max, but not in a domain or workgroup and no policy changes (at least none I authorized), Java code is able to insert into Windows-ROOT -- BUT it does pop a dialog about "Warning: about to install CA cert blah blah this may be a security risk blah blah" which I have to click; if the process doesn't have access to the 'workstation' (display) I don't know what happens and it wouldn't surprise me if it fails. Confirmed with both my normal id (local,admin) and Guest (local,peon); as a standalone system I have no real computer account, only 'local machine' which IINM is actually LocalSystem, and the insert does NOT go there.

You could try instead Windows-MY which should and for me does access the Personal portion of the store for (again) the current user; for me that works WITHOUT the dialog described above. Personal is intended for certs with privatekeys that can be used to authenticate this machine/user to server(s) or recipient(s), and having in there a cert-only used to trust another system may confuse or even alarm your more knowledgeable users, but it does work for me.

The JSSE Reference Guide answers your question.

In this case, if such a property exists but the file it specifies does not, then no truststore is used. If no javax.net.ssl.trustStore property exists, then a default truststore is searched for. If a truststore named java-home/lib/security/jssecacerts is found, it is used. If not, then a truststore named java-home/lib/security/cacerts is searched for and used (if it exists).

If you don't have permissions to overwrite one of these two files jssecacerts or cacerts, the answer to your question is NO.

Besides javax.net.ssl.trustStoreType=Windows-ROOT I had to also define javax.net.ssl.trustStore=NUL for this to work on Windows, even though println(System.getProperty('javax.net.ssl.trustStore')) printed null. See also https://newbedev.com/import-windows-certificates-to-java

Since I needed this for Gradle I had to add the following to my gradle.properties:

systemProp.javax.net.ssl.trustStore=NULsystemProp.javax.net.ssl.trustStoreType=Windows-ROOT

After running Gradle once with this configuration I no longer needed the systemProp.javax.net.ssl.trustStore=NUL, until I added another maven repository. Then I got a PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target again.

It seems that Gradle caches this certificate somewhere, because after deleting the .gradle directory in my user home, I also needed systemProp.javax.net.ssl.trustStore=NUL again. So it is probably best to leave it there.