To manipulate a trust store from the command line, use the following procedures.
Trusting a specific host
This is used when you want the Hub CLI to trust a specific Hub Server. Start with a new certificate; always copy cacerts unless you have another base trust store. A common mistake is to create a trust store that only trusts a single self-signed certificate which causes other problems.
$ cp "$JAVA_HOME/lib/security/cacerts" "$JAVA_HOME/lib/security/jssecacerts"
$ keytool -printcert -rfc -sslserver hub.example.com | keytool -importcert -keystore "$JAVA_HOME/lib/security/jssecacerts" -storepass changeit -alias hubexamplecomserver -noprompt
Some servers use Server Name Indication (SNI) during handshaking to determine which certificate to return. If so, use OpenSSL s_client to obtain the correct certificate.
$ openssl s_client -connect host.example.com:443 -servername host.example.com </dev/null 2>/dev/null | openssl x509
For more information, refer to keytool - Key and Certificate Management Tool.