So I always forget this critical step when dealing with Keystore’s then for next couple of hours I’m breaking keyboards trying to figure out why it’s NOT working. You need to import your cacert from your CA into the java cacert keystore. This is different than the keystore you will be creating for your app.

Note: paths may be a little different for your setup..

Import it
$JAVA_HOME/bin/keytool -import -alias serverCert -file /ssl/cacert.pem -keystore /usr/java/latest/jre/lib/security/cacerts

Verify after it’s installed
$JAVA_HOME/bin/keytool -v -list -keystore /usr/java/latest/jre/lib/security/cacerts -alias serverCert