diff --git a/scripts/.gitignore b/scripts/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..21d38329610137403797f8c6d39f69b3cce8ad06
--- /dev/null
+++ b/scripts/.gitignore
@@ -0,0 +1,2 @@
+*.crt
+*.jks
\ No newline at end of file
diff --git a/scripts/fetch-trust-store.sh b/scripts/fetch-trust-store.sh
new file mode 100755
index 0000000000000000000000000000000000000000..cad8fa8d69c818f3e6f0bed8d76058cd91674c71
--- /dev/null
+++ b/scripts/fetch-trust-store.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+NAMESPACE=${NAMESPACE:-by-enable-dev}
+
+echo "[1.0] Find xta-test-server pod in namespace $NAMESPACE"
+XTA_TEST_SERVER_POD=$(kubectl get pods -n "$NAMESPACE" -l app.kubernetes.io/name=xta-test-server -o jsonpath='{.items[0].metadata.name}')
+
+echo "[1.1] Fetch truststore from xta-test-server pod"
+kubectl cp "$NAMESPACE/$XTA_TEST_SERVER_POD:/store/truststore.jks" xta-test-truststore.jks
+
+echo "[2.0] Show certificate in truststore xta-test-truststore.jks"
+keytool -exportcert -keystore xta-test-truststore.jks -storepass password -alias xta-test-root-ca -file xta-test-root-ca.crt
+openssl x509 -in xta-test-root-ca.crt -text -noout
\ No newline at end of file