Dear oxygen-user,
Thank you, Lee, for pointing me toward the online explanation, but it doesn't help. The instructions seem to have been written for Windows, and I tried adapting them for MacOS, so perhaps that's the source of my difficulty. Here are the details:
A few data points:
I see no option when viewing the certificate in either Chrome or Firefox (by clicking on the security icon immediately to the left of the URL) to export or save the certificate. The instructions at the link Lee mentioned say that I should be able to view a certificate from the browser and then save it to a file, but I don't see an option to do that.
The browser accepts the certificate without a question, and doesn't report it as self-signed. It is reported as issued by "Let's Encrypt Authority X3" (under "DST Root CA X3"). Only <oXygen/> seems to think that it is self-signed.
What I tried:
When I browse my Keychain (under System Roots -> Certificates) I see "DST Root CA X3", and nothing else that comes close to matching what I see when I view the certificate in Chrome. I guessed that this was what I wanted, and I exported it from the Keychain, navigated to the JRE folder for <oXygen/>, adjusted the instructions for MacOS (they were written for Windows, with backslashes and explicit paths), and ran the import command. I was notified that "Certificate already exists in system-wide CA keystore under alias <identrustdstx3> Do you still want to add it to your own keystore?". I told it "no" and restarted <oXygen/> and was not able to open the remote URL. So I ran the import again, told it "yes" this time, restarted <oXygen/>, and got the same error about not being able to open the URL.
Best,
David