Sample code for 30+ languages & platforms
Java

Load Particular CA Certs into a Java KeyStore

See more Java KeyStore (JKS) Examples

Opens a PEM file containing many CA root certificates, and creates a Java keystore containing a subset of the certificates.

Chilkat Java Downloads

Java
import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    boolean success = false;

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    CkJavaKeyStore jks = new CkJavaKeyStore();

    CkTrustedRoots troots = new CkTrustedRoots();

    // Load certificates from a file.
    success = troots.LoadCaCertsPem("qa_data/curl_cacert.pem");
    if (success != true) {
        System.out.println(troots.lastErrorText());
        return;
        }

    CkStringBuilder sbDn = new CkStringBuilder();
    CkStringBuilder sbAlias = new CkStringBuilder();
    boolean caseSensitive = false;

    int i = 0;
    int numCerts = troots.get_NumCerts();
    int numAdded = 0;
    while ((i < numCerts)) {
        CkCert cacert = troots.GetCert(i);
        sbDn.Clear();
        sbDn.Append(cacert.subjectDN());
        if (sbDn.Contains("Entrust.net",caseSensitive) == true) {
            System.out.println(cacert.subjectDN());

            // The alias is an arbitrary unique string for each cert in the JKS.
            sbAlias.Clear();
            sbAlias.Append("cacert_");
            sbAlias.AppendInt(i+1);
            jks.AddTrustedCert(cacert,sbAlias.getAsString());
            numAdded = numAdded+1;
            }

        i = i+1;
        }

    // Verify the number of certs in the JKS equals the number we added.
    int numJksCerts = jks.get_NumTrustedCerts();
    System.out.println("NumTrustedCerts = " + numJksCerts);
    if (numJksCerts != numAdded) {
        System.out.println("Something is amiss!");
        return;
        }

    // Save the JKS.
    success = jks.ToFile("myPassword","qa_data/jks/entrust_caCerts.jks");
    if (success != true) {
        System.out.println(jks.lastErrorText());
        return;
        }

    System.out.println("Success.");

    // The output of this program when tested was:

    // C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
    // O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
    // C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority
    // NumTrustedCerts = 3
    // Success.
  }
}