Obtain the HTTPS SSL certificate for the URL and save it to Truststore

First, generate PEM file

Here is the Mail sending interface example HTTPS://API.MAILGUN.NET/V3/, first run the following command:

api.mailgun.net 443 -prexit-showcerts

The results of the implementation are as follows:

CONNECTED (00000003) Depth=1C = US, O ="Thawte, Inc.", CN =Thawte SHA256 SSL caverify error:num= -: Unable to get local issuer certificate---Certificate Chain0S:/c=us/st=texas/l=san antonio/o=rackspace US, inc/ou=mailgun/cn=*. mailgun.com I:/c=us/o=thawte, inc./cn=Thawte SHA256 SSL CA-----BEGIN CERTIFICATE-----MIIGRJCCBS6GAWIBAGIQCPBE+LQWTPS2UTD0ORNMGJANBGKQHKIG9W0BAQSFADBDMQSWCQYDVQQGEWJVUZEVMBMGA1UECHMMDGHHD3RLLCBJBMMUMR0WGWYDVQQDEXR0AGF3DGUGU0HBMJ U2ifnttcbdqtaefw0xnjaymdkwmdawmdbafw0xoda0mdgymzu5ntlamhkxczajbgnvbaytalvtmq4wdaydvqqiewvuzxhhczeumbiga1uebxqlu2fuiefudg9 Uaw8xgjaybgnvbaouevjhy2tzcgfjzsbvuywgsw5jmrawdgydvqqlfadnywlsz3vumrywfaydvqqdfa0qlm1hawxndw4uy29tmiibijanbgkqhkig9w0baqef AAOCAQ8AMIIBCGKCAQEAYZQJUMOUQSKSJ+ypj6ndmfkmfa39axzkxisvvssmgsquupfo3awndo4aagnjjn8ofwhqozthbfnz04rdkgv0e22gyrroopcd88mhokjkev04tvc93/mqyavqq3ou7b/gafufcdu1z5s+YGN1IMEXR4IMCZLFSS1SZWZ03WOFEEGNXR31N6WLOOWCBEVD58V4ZANNTM9AJWV0UHPD72NZBPWVFQYWY3VQRFK/5e5nbwjfcixs85ube9l5id71d49f9xrctplvainkktjvau627wgg9vs2kmzfxd+XJTCJZDPHWCW/pohxczfyiavp2tf5b7jwjfyp4zkkt8kh8cr/5qidaqabo4ic/JCCAVOWJQYDVR0RBB4WHIINKI5TYWLSZ3VULMNVBYILBWFPBGD1BI5JB20WCQYDVR0TBAIWADBUBGNVHSAEZZBLMGMGBMEBDAECAJBZMCYGCCSGAQUFBW Ibfhpodhrwczovl3d3dy50agf3dguuy29tl2nwczavbggrbgefbqccajajdcfodhrwczovl3d3dy50agf3dguuy29tl3jlcg9zaxrvcnkwdgydvr0paqh /Baqdagwgmb8ga1udiwqymbaafcuana4bgdgw4xb6beardqpovzaumcsga1udhwqkmciwikaeobyggmh0dha6ly90zy5zew1jyi5jb20vdgcuy3jsmb0ga 1udjqqwmbqgccsgaqufbwmbbggrbgefbqcdajbxbggrbgefbqcbaqrlmekwhwyikwybbquhmagge2h0dha6ly90zy5zew1jzc5jb20wjgyikwybbquhmakggm H0DHA6LY90ZY5ZEW1JYI5JB20VDGCUY3J0MIIBFGYKKWYBBAHWEQIEAGSCAW4EGGFQAWGADGDD6X0REG1PPICLGA2BAHB+lo6dadvcii09ectntuy+ZAAAAVLIMQUYAAAEAWBHMEUCIQDW4WPN51UJDWJQEFVSO+c+Nye3rqkv6dw6xfenea8pugigixmlvoe+r1/MVLT4J3A9N7VEXNSTQI1AV1IMMGHNH5IADGCKUQMQTBHYFIE7E6LMZ3AKPDWYBPKB37JJD80OYA3CEAAAAVLIMQVLAAAEAWBHMEUCIQCBXZ +Esy2e3s4yn4gmkxhyg5aeb+5l8cn4/eg9prdpiwigb4njn6xukjeglksoorfjejs+hbahhozrws7cagc774gadgbo9pj4h2scvjqm7rkohuz8cvfdz5purnekz6y7t0/7xAAAAVLIMQVHAAAEAwBHMEUCIH5+rt1+ohqpjigeseqjomzv8/lnufe7rcti1daixk8saieaqycc8agehr5pbhwupglx3ioxza2ekda90flf2koq9d0wdqyjkozihvcnaqelbqadggebacpqesoobl82tmxdggbgqotu03b K+9ll0uxoszgp+Tjnjrb4b7p4svam/z8xikmgt3z3bp/wjytn71blvbamdljcfhnna6ayhe/SV91ENMMCEXSSN5YDJWTTWO8KK7PA944DOJ1VHPBMD3UGYTX1LUFTPE0++yujvfv0dwvl/f7vfqm8zytobf9bwqf7oedinr5qqaghgenofjstinalotvmivbnzkrft8xkk4f3tq73v5it+CYLMMLNHO6OLLP4YNEUGGLCMV2XV+hynkewzeiidtlshceedioep1flkxt+BWJID2V4M4CQFAVIZBQ/ino+dm9shcae02jwwsgxesm=-----END CERTIFICATE-----1S:/c=us/o=thawte, inc./cn=Thawte SHA256 SSL CA i:/c=us/o=thawte, Inc./ou=certification Services division/ou= (C) -Thawte, Inc.-for authorized use Only/cn=thawte Primary Root CA-G3-----BEGIN CERTIFICATE-----Miiewjcca6qgawibagiqnjsegmmcjmm2vi5s5a1xmjanbgkqhkig9w0baqsfadcbrjelmakga1uebhmcvvmxftatbgnvbaotdhroyxd0zswgsw5jljeom Cyga1uecxmfq2vydglmawnhdglvbibtzxj2awnlcybeaxzpc2lvbje4mdyga1uecxmvkgmpidiwmdggdghhd3rllcbjbmmuic0grm9yigf1dghvcml6zwqgdx Nlig9ubhkxjdaibgnvbamtg3royxd0zsbqcmltyxj5ifjvb3qgq0eglsbhmzaefw0xmza1mjmwmdawmdbafw0ymza1mjiymzu5ntlamemxczajbgnvbaytalv Tmruwewydvqqkewx0agf3dgusieluyy4xhtabbgnvbamtfhroyxd0zsbtseeyntygu1nmienbmiibijanbgkqhkig9w0baqefaaocaq8amiibcgkcaqeao2mr 1lpdok6wz7lmon8gfferr3edi2jzvvmc2qrlhcbepxewvpmxi53oo4dizld1tlco25p1jo5wumrszooqifxege2oony9vmeykbl5nydiylbukgdeay3nyq1ja hjyq2m8hrgffa2ijadqicn7wcz4cv8suonm04d9v+y5uv9dmy5+jtukbnfgjlnem5mmrsq2rkizo6/Ekg97byegmyxqnstsd8kan8npro0+g/fd89n4bnsgv8t7kdkqm/dmupjf5cjonhs/Ikjc8hvwd0bbbwsyotvmxcmpeua/AKBWKDXSGYOGE7MX7UARQID2QZL9VM0XUPSLTDYLMROLIWIDAQABO4IBRDCCAUAWMGYIKWYBBQUHAQEEJJAKMCIGCCSGAQUFBZABHHZODHRWOI8VB2NZC C50agf3dguuy29tmbiga1udeweb/WQIMAYBAF8CAQAWQQYDVR0GBDOWODA2BGPGHKGBHVHFAQC2MCGWJGYIKWYBBQUHAGEWGMH0DHBZOI8VD3D3LNROYXD0ZS5JB20VY3BZMDCGA1UDHWQWMC 4wlkaqocigjmh0dha6ly9jcmwudghhd3rllmnvbs9uagf3dgvqq0etrzmuy3jsma4ga1uddweb/WQEAWIBBJAQBGNVHREEIZAHPB8WHTEBMBKGA1UEAXMSVMVYAVNPZ25NUETJLTITNDE1MB0GA1UDDGQWBBQRMJWUARG4MOFWEGXGEXAJZR2QFDAFBGNVHS megdawgbstbkquyjzt5p/6pgp0k2md97zzvzanbgkqhkig9w0baqsfaaocaqeadkzw6k+Tlhn7jvknseslzel6san0awwtcbfggpczyipj1pmv8mcenqgyidu0ld80vhuzvs+o8euzmrdywrnbnnp1youugnfcxwrbqodqdbydzcv/G9ZVLMEL57M2KVOG2QMQ0T17STORB74P8MBCQZEADI480X2LEXQC+U6ljbbiud5wgvchjd9lw7tjzlynrqxt8/lvdmgr/dj4cpx4eex0p60g9z3x7hd2e6zmji3bp8byeq6ruvlmg3knzxaz1vpgnobd7mwu8n2qjfjgukzw63rhvqbzga5xtmdh59tp7dqgkcorplrzqw4a54e3k +taysydz29jtbsg2azi8a==-----END CERTIFICATE--------Server Certificatesubject=/c=us/st=texas/l=san antonio/o=rackspace US, inc/ou=mailgun/cn=*. Mailgun.comissuer=/c=us/o=thawte, inc./cn=Thawte SHA256 SSL CA---No client certificate CA names sentpeer signing Digest:sha512server Temp KEY:ECDH, P- the, thebits---SSL handshake has read3342Bytes and written434bytes---New, TLSv1/sslv3, Cipher is ecdhe-rsa-aes128-gcm-sha256server Public Key is2048bitsecure renegotiation is supportedCompression:NONEExpansion:NONENo ALPN Negotiatedssl-Session:Protocol:TLSv1.2Cipher:ecdhe-rsa-aes128-gcm-SHA256 Session-id:e279b2fa33421d0a68d77e6405256671a7e0438d8f61c9a85fb67abe40b07437 Session-id-Ctx:master-Key:9a46cdba8230b31f0ad744a49aeb97d44346dd26687689c5bf52a1f93bc4f0efc4a8dfcd1f38de35ff6007e4823ed0c7 Key -Arg:none PSK identity:none PSK identity hint:none SRP username:none Start time:1493541740Timeout: -(sec) Verify return code: -(Unable to get local issuer certificate)---

Save the output as a PEM file, where I save it as a file named Mailgun.pem.

Second, import the certificate into the Truststore file

CP $JAVA _home/jre/lib/security/cacerts  trustore

In essence keystore and Struststore file format is one thing, KeyStore is usually the private key, Truststore store is the public key.

Import certificate (initial password is Changeit):

Keytool-import-alias GCA-file mailgun.pem-keystore truststore

The import will be prompted for success. Good LUCK

Third, reference

Https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cm_sg_create_key_trust.html

such as

Obtain the HTTPS SSL certificate for the URL and save it to Truststore