Sync bundles its own JRE and uses the default trust store to verify connections to https servers. This includes the most common top-level CAs. However, enterprises may have their own certificates/CAs that are not included in the default store.
Sync should provide a mechanism to load user-provided certificates. We should provide this in (at least) two ways:
1) Read the trusted certificates specified in the system JRE's by the user/admin. These certificates can be added via the Java Control Panel GUI or by putting the certificates in the path specified in deployment.properties
2) Read trusted certificates from a folder exclusively defined by Sync. In case the client does not have a system JRE installed, users/admins can still put the certificates in a pre-defined folder. Currently, that folder will be ~/.liferay-sync-3/certificates