Command to export a cert from a website to a .cer file (example uses google.com) Tested with git-bash shell on Windows. Assume similar on Mac?
openssl s_client -servername google.com -connect google.com:443 </dev/null 2>/dev/null | openssl x509 -inform PEM -outform DER -out google.com.cer
Command to import into local java truststore (use your own location of JAVA_HOME)
"$JAVA_HOME"/bin/keytool -keystore "$JAVA_HOME"/lib/security/cacerts -importcert -alias google.com -file google.com.cer
- default java keystore password is
changeit - if you get an update denied message, in Windows File Explorer set security on cacerts file to MODIFY for all Users (or chmod on linux)
- if keytool is not found, define a JAVA_HOME environment variable (or replace $JAVA_HOME with the full path)