How to extract the root CA from a server certificate?

Your vendor should send you the root CA along with the public key, or have their root CA's posted on their websites. In any case, it's very simple to extract it from the public key. Just follow these steps.

1. Rename the public key file from .pem to .cer
2. On Windows, double click on the file with .cer extension. If your OS is Unix, you will have to transfer the file to a Windows workstation in ASCII mode.
3. You will see 3 tabs: General, Details and Certification Path. Go to Certification Path.
4. In this tab, you will see a list in the form of a tree. The first file in the tree is the root CA, the last one is the server certificate or public key. Click on the root CA (first one). Then click on the "View Certificate" button.
5. The root CA will open up on a separate Window. Go to the "Details" tab.
6. Click on "Copy to File" button.
7. Click on "Next", then select "Base 64" from the list of format options and click "Next" again.
8. Enter a name for your root CA file, anything meaningful to you, like i.e.: VerisignRootCA. The file will be saved with .cer extension.
9. Now you can import this file into your keystore. Cer format works as well as .pem.