Sample code for 30+ languages & platforms
PHP Extension

Load Particular CA Certs into a Java KeyStore

See more Java KeyStore (JKS) Examples

Opens a PEM file containing many CA root certificates, and creates a Java keystore containing a subset of the certificates.

Chilkat PHP Extension Downloads

PHP Extension
<?php

include("chilkat.php");

$success = false;

// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

$jks = new CkJavaKeyStore();

$troots = new CkTrustedRoots();

// Load certificates from a file.
$success = $troots->LoadCaCertsPem('qa_data/curl_cacert.pem');
if ($success != true) {
    print $troots->lastErrorText() . "\n";
    exit;
}

$sbDn = new CkStringBuilder();
$sbAlias = new CkStringBuilder();
$caseSensitive = false;

$i = 0;
$numCerts = $troots->get_NumCerts();
$numAdded = 0;
while (($i < $numCerts)) {
    // cacert is a CkCert
    $cacert = $troots->GetCert($i);
    $sbDn->Clear();
    $sbDn->Append($cacert->subjectDN());
    if ($sbDn->Contains('Entrust.net',$caseSensitive) == true) {
        print $cacert->subjectDN() . "\n";

        // The alias is an arbitrary unique string for each cert in the JKS.
        $sbAlias->Clear();
        $sbAlias->Append('cacert_');
        $sbAlias->AppendInt($i + 1);
        $jks->AddTrustedCert($cacert,$sbAlias->getAsString());
        $numAdded = $numAdded + 1;
    }

    $i = $i + 1;
}

// Verify the number of certs in the JKS equals the number we added.
$numJksCerts = $jks->get_NumTrustedCerts();
print 'NumTrustedCerts = ' . $numJksCerts . "\n";
if ($numJksCerts != $numAdded) {
    print 'Something is amiss!' . "\n";
    exit;
}

// Save the JKS.
$success = $jks->ToFile('myPassword','qa_data/jks/entrust_caCerts.jks');
if ($success != true) {
    print $jks->lastErrorText() . "\n";
    exit;
}

print 'Success.' . "\n";

// The output of this program when tested was:

// C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
// O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
// C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority
// NumTrustedCerts = 3
// Success.

?>