Load CA root certificate at runtime in Java

tl;dr: Using custom CA without adding it to persistent keystore.

I am writing a Java application that should connect to a remote server using HTTPS. The code for the connection is ready, however the SSL certificate of the server was signed by StartSSL, which is not in Java's CA root cert store.

Using this code, I get valid certificate information from websites like https://www.google.com/:

Response Code : 200Cipher Suite : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256Cert Type : X.509Cert Hash Code : -1643391404Cert Public Key Algorithm : RSACert Public Key Format : X.509Cert Type : X.509Cert Hash Code : 771393018Cert Public Key Algorithm : RSACert Public Key Format : X.509Cert Type : X.509Cert Hash Code : 349192256Cert Public Key Algorithm : RSACert Public Key Format : X.509

The same code throws a SSLHandshakeException for my domain (let's call it https://www.example.com/).

Of course I could manually add the certificate to the keystore using keytool (maybe even with Runtime.exec("keytool ...")), but this is way to dirty. What I am planning now is to add the StartSSL root certificate to my application files for distribution and then loading it into some temporary keystore at runtime. This way the "real" keystore remains untouched.

From what I have read here and here, I will have to mess with some classes like TrustManager. I even found a way to completely turn off the validation, but this is not what I want since it seems to eliminate the whole purpose of encrypted communication.

I even found some lines of code that seem to do exactly what I want, but I cannot figure out how to call this method i.e. which values to pass as arguments:

public class SSLClasspathTrustStoreLoader {    public static void setTrustStore(String trustStore, String password) throws Exception {        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());        InputStream keystoreStream = SSLClasspathTrustStoreLoader.class.getResourceAsStream(trustStore);        keystore.load(keystoreStream, password.toCharArray());        trustManagerFactory.init(keystore);        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();        SSLContext sc = SSLContext.getInstance("SSL");        sc.init(null, trustManagers, null);        SSLContext.setDefault(sc);    }}

Has anyone been in a similar situation before? I will appreciate any advice on how to handle this problem. If you could even help me to get the above code running, I'd be really happy!