I am writing my own client implementation in Java that uses SSLEngine with all its complexities to connect to a HTTPS server. So far so good, but I have to manually download the certificate and create a keystore before I want to connect to the HTTPS server. To do that I manually run openssl and keytool in the command-line.
That must be a way to do that process programmatically in the client itself so when it tries to connect to a new HTTPS site nothing needs to be done beforehand.