To get the certificate of remote server you can use
openssl tool and you can find it between
BEGIN CERTIFICATE and
END CERTIFICATE which you need to copy and paste into your certificate file (CRT).
Here is the command demonstrating it:
ex +'/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect example.com:443) -scq > file.crt
To return all certificates from the chain, just add
g (global) like:
ex +'g/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect example.com:443) -scq
Then you can simply import your certificate file (
file.crt) into your keychain and make it trusted, so Java shouldn't complain.
On OS X you can double-click on the file or drag and drop in your Keychain Access, so it'll appear in login/Certificates. Then double-click on the imported certificated and make it Always Trust for SSL.
On CentOS 5 you can append them into
/etc/pki/tls/certs/ca-bundle.crt file (and run:
sudo update-ca-trust force-enable), or in CentOS 6 copy them into
/etc/pki/ca-trust/source/anchors/ and run
sudo update-ca-trust extract.
In Ubuntu, copy them into
/usr/local/share/ca-certificates and run