Opened on Jul 30, 2024
What would you like Teleport to do?
tsh proxy aws should automatically generate a Java Key Store with the local proxy CA.
What problem does this solve?
Today, it's a pain to set up tsh proxy aws to use with the Java SDK or JDBC drivers, as the local proxy CA has to be manually added to the "global" Java key store (and this has to be repeated every tsh session).
If tsh proxy aws generates the JKS at a constant path, we can set the Java application to use:
-Djavax.net.ssl.trustStore=/Users/stevehuang/.tsh/keys/teleport.dev.aws.stevexin.me/STeve-app/teleport.dev.aws.stevexin.me/aws-dev-localca.jks \
-Dhttp.proxyHost="localhost" -Dhttp.proxyPort=8443
If a workaround exists, please include it.
$ export AWS_CA_BUNDLE=/Users/stevehuang/.tsh/keys/teleport.dev.aws.stevexin.me/STeve-app/teleport.dev.aws.stevexin.me/aws-dev-localca.pem
$ export JAVA_CA_STORE=/opt/homebrew/opt/openjdk/libexec/openjdk.jdk/Contents/Home/lib/security/cacerts
$ sudo keytool -import -alias teleport -file $AWS_CA_BUNDLE -keystore $JAVA_CA_STORE
But JAVA_HOME may be different on every machine, and this has to be repeated per tsh session since we regenerate the local CA.
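An added example, not part of the original issue and not Teleport code: a shell function that rebuilds a per-user JKS from the local proxy CA PEM on each session, so the JDK-wide cacerts file is never modified and no sudo is needed. The function name, the TRUSTSTORE_PASS variable and the default output path (the PEM path with .jks in place of .pem) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not Teleport code): build a per-user trust store from the
# local proxy CA PEM instead of importing it into the JDK-wide cacerts file.

# make_proxy_truststore PEM [JKS]   (hypothetical helper name)
#   PEM: local CA bundle, i.e. the path exported as AWS_CA_BUNDLE
#   JKS: output path; assumed default is PEM with .pem replaced by .jks
# Prints the JVM flags that point a Java process at the new store.
make_proxy_truststore() {
    pem=$1
    jks=${2:-${pem%.pem}.jks}
    # Hypothetical variable. The store holds only a public CA certificate,
    # so the password is an integrity check, not a secret.
    storepass=${TRUSTSTORE_PASS:-changeit}

    [ -r "$pem" ] || { echo "CA bundle not readable: $pem" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "not a PEM certificate: $pem" >&2; return 1; }

    # The local CA is regenerated per tsh session, so rebuild the store from
    # scratch each time rather than accumulating stale CAs under new aliases.
    tmp=$jks.tmp.$$
    rm -f "$tmp"
    if ! keytool -importcert -noprompt -trustcacerts -alias teleport \
            -file "$pem" -keystore "$tmp" -storetype JKS \
            -storepass "$storepass" >&2; then
        rm -f "$tmp"
        return 1
    fi

    # Owner-only permissions, then an atomic swap so a running JVM never
    # opens a half-written store.
    chmod 600 "$tmp" && mv -f "$tmp" "$jks" || return 1

    printf '%s\n' "-Djavax.net.ssl.trustStore=$jks -Djavax.net.ssl.trustStorePassword=$storepass"
}

# Usage, after starting tsh proxy aws and exporting AWS_CA_BUNDLE:
#   JAVA_TOOL_OPTIONS=$(make_proxy_truststore "$AWS_CA_BUNDLE") && export JAVA_TOOL_OPTIONS
```

Setting javax.net.ssl.trustStore replaces the JVM's default trust anchors rather than adding to them, so a process started with these flags trusts only the local proxy CA; that suits an application whose TLS traffic all goes through the local proxy, and it will fail TLS validation for anything else.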