Hi Holm,
this seems to be dependent whether there is a Truststore configured under Security->Certificates or not.
We have a global Truststore configured there for our HTTPS-Ports containing all the CAs, which are not part of the cacerts file and we did not have to import any server side certificates from the external servers since then (neither LDAPS nor WS hosting servers). Only certs we have explicitly configured are our own server certificate into its own Keystore and the Client certificates of our Partners used for Certificate based authentication instead of User/Password based Basic Auth.
Regards,
Holger