//===========加载 ca 证书==================================
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
if( null != caCrtFile ){
// 加载本地指定的 ca 证书
// bcprov-jdk16 读取证书的方法
// PEMReader reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile)))));
// BufferedReader br = new BufferedReader(new FileReader(caCrtFile));
// X509Certificate caCert = (X509Certificate)reader.readObject();
// reader.close();
// bcprov-jdk15on 读取证书的方法
InputStream inStream = new FileInputStream(caCrtFile);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate)cf.generateCertificate(inStream);
// CA certificate is used to authenticate server
KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType());
caKs.load(null, null);
caKs.setCertificateEntry("ca-certificate", caCert);
// 把ca作为信任的 ca 列表,来验证服务器证书
tmf.init(caKs);
参考:https://docs.oracle.com/javase/7/docs/api/java/security/cert/X509Certificate.html