You will need to check which trust store your soa instance is using it validates the mail server's certificate, and then import it into that one. It usually is the custom truststore you configured or the cacerts of the JVM being used. It depends on which classes you are invoking for the client connection so just try either of them or import into both of them. If you want to be which one it is, you can add the following JVM args so it will output that info as debug info: -Djavax.net.debug=SSL,trustmanager
soa instance uses our custom jks for trust and identity and it has already imported certificate (but not the mail certificate).
Now do I need to use same jks(without imported certificate) and will import mail certificate to there and upload for soa instance ?