Check a certificate:
openssl x509 -in tls.crt -text -noout
Check a certificate signer request:
openssl req -test -noout -verify -in tls.crt
Check a private key:
openssl rsa -in tls.key -check
Import a remote certificate into a keystore:
keytool -printcert -sslserver LDAP_SERVER_ADDRESS:PORT -rfc | keytool -import -noprompt -alias CERTIFICATE_ALIAS \
-keystore KEYSTORE_FILE_NAME -storepass KEYSTORE_PASSWORD