I like the following approach for obtaining the certificates a server presents to a browser, so that my test clients (i.e. io.restassured) can trust them:
openssl s_client -connect www.website.com:443 -showcerts
Then I can import the server cert for my integration tests into a new keystore:
cd ~
/Library/Java/JavaVirtualMachines/jdk1.7.0_80.jdk/Contents/Home/bin/keytool -import -trustcacerts -keystore cacerts -noprompt -file ~/browser_cert.cer
and then have my tests use the specific keystore (~/cacerts) during testing:
System.setProperty("javax.net.ssl.trustStore", "/Users/bfish3/cacerts");
Or, in Bash:
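# Keep every complete PEM block; a fixed "grep -A 30" window cuts off certificates longer than 30 lines.
echo "Q" | openssl s_client -connect www.website.com:443 -showcerts 2>/dev/null | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' > import.cer
# Import the saved certificate into a new keystore for the tests.
keytool -import -trustcacerts -keystore imported_cer.jks -noprompt -file import.cer -storepass changeit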
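The commands above trust whatever certificate the connection returns. As an added example (not part of the original post), this sketch splits `-showcerts` output into one file per certificate and checks the leaf's SHA-256 fingerprint against a pinned value before any import. The function names, `$PIN` and the sample input are assumptions made for illustration, and it relies on `base64 -d` and `sha256sum` being available.

```shell
# split_chain DIR: read `openssl s_client -showcerts` output on stdin, write
# each PEM block to DIR/cert-N.pem (cert-1 is the leaf), print the count.
split_chain() {
    awk -v dir="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }'
}

# pem_sha256 FILE: lowercase hex SHA-256 of the DER bytes in a one-certificate
# PEM file, the same bytes `openssl x509 -fingerprint -sha256` hashes.
pem_sha256() {
    grep -v '^-----' "$1" | tr -d '\r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# verify_leaf DIR EXPECTED_HEX: succeed only if the leaf matches a fingerprint
# obtained out of band (for example from the server's operator).
verify_leaf() {
    [ -s "$1/cert-1.pem" ] || return 1
    [ "$(pem_sha256 "$1/cert-1.pem")" = "$2" ]
}

# Constructed sample in the shape of s_client output; the base64 bodies are
# placeholder bytes, not real certificates.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = www.website.com
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
bGVhZi1jZXJ0LWJ5dGVz
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
aXNzdWVyLWNlcnQtYnl0ZXM=
-----END CERTIFICATE-----
---
EOF
}

dir=$(mktemp -d)
count=$(sample_output | split_chain "$dir")
echo "certificates: $count, leaf sha256: $(pem_sha256 "$dir/cert-1.pem")"
# Import only after verify_leaf "$dir" "$PIN" succeeds, e.g. with the page's command:
# keytool -import -trustcacerts -keystore imported_cer.jks -noprompt -file "$dir/cert-1.pem" -storepass changeit
```

Against a live server, replace `sample_output` with the `echo "Q" | openssl s_client ... -showcerts 2>/dev/null` pipeline from the post.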