Building a Trust Store
If the CA certificates are in PEM format, you only need to concatenate them to build the trust store; for example:
cat <ca-cert-1>.pem <ca-cert-2>.pem ... <ca-cert-n>.pem >
<truststore>.pem
If the CA certificates are not in PEM format, convert them to PEM format first and then concatenate them.
If the CA certificates are in PKCS12 format, do the following:
openssl x509 -in <ca-cert-i>.p12 -out <ca-cert-i>.pem
If the CA certificates are in DER format, do the following:
openssl x509 -in <ca-cert-j>.der -inform PEM
-out <ca-cert-j>.der -outform PEM