Grab the certificate from the HTTPS server (e.g. Google)
$ openssl s_client -connect google.com:443

Generate a Java keystore from certificate

$ wget http://bouncycastle.org/download/bcprov-jdk16-146.jar
$ keytool -importcert -file your_signing_certificate.pem -keystore app.keystore -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-146.jar -storetype BKS