In order to import a trusted certificate, click on SSL Certificates Retriever in the KeyStore window. For retrieving certificates,in the host/port fields you must specify the server from which the certificates will be retrieved. If you have a HTTPS URL and you want to retrieve the certificates then you need to enter the host without any path and the port separately. By default the HTTPS port is 443.

The server response is available in the "Response information" area. For the retrieved certificates, the available actions are:

A screenshot for SSL Certificates Retriever action can be seen below:

When importing a selected certificate into the active KeyStore, the certificate trust will be verified in the same way it is verified when importing a trusted certificate into the active KeyStore. If a Trust Path can not be established using the provided TrustStores and the Trust Path validation options (which can be set from Tools > Options > Trust Path Options), a message will be displayed informing about that and asking if the certificate should be displayed for user verification. If "No" is selected, or the dialog is closed, the import operation is aborted. If "Yes" is selected, the certificate details will be displayed, and the user will have the option to continue the import operation (by selecting the "Accept Import" button) or to abort it (by selecting the "Cancel Import" button).