In case you are getting a cert not valid error or the like, make sure you have these tools.
What you'll need
A 'cert' is a X.509 digital certificate. These are maintained by publicly-trusted Certificate Authority (CA).
Pull down your cert from the url using the following command
openssl s_client -showcerts -connect NETWORK_PATH_REFERENCE:PORT > CERT_FILE_NAME.pem
network-path reference is the subdomain.domain.top level domain It is basically a url without the path or scheme.
Since java keytool can only take in binary formats, we need to convert the plain text format of the PEM to a DER. Der is just a binary representation of the cert.
openssl x509 -outform der -in CERT_FILE_NAME.pem -out CERT_FILE_NAME.der
You need to make sure your alias does not already existing in the key store. If there is already a key imported with the alias you are using, you will get an error and you can either change the alias on the existing key or delete it and replace it with your new key.
keytool -import -alias name_of_your_cert \
-keystore ./keystore_file.jks -file CERT_FILE_NAME.der
Or if you don't want to convert it
keytool -import -alias name_of_your_cert \
-keystore ./keystore_file.jks -file CERT_FILE_NAME.pem