I wonder if I am able to make a connection using curl like the following command,
curl --cacert some.pem https://someurl.com/resource
You need to create a keystore (which you'll use as a trust store) from the PEM file. This can be done as follows.
keytool -import -file cacert.pem -alias myca -keystore truststore.jks
You then need to use this keystore as a truststore.
If you wish to do this for a specific connection only, you should follow this answer.
If you want to do this for all connections in your application (or at least those that don't change the default), you can use the javax.net.ssl.trustStore
(and related) system properties (see the Customization section of the JSSE Reference Guide). The problem if you want to do this for your entire application is that default trusted CAs won't be included. An easy way around this is to make a copy of the cacerts
file bundled with your JRE and use it as a starting point for truststore.jks
.
Alternatively, you can import the certificate directly into the global cacerts
file, but this will make that certificate trusted by default on all applications running on this JRE.
(You can also find more about the distinction between keystore and truststore in this answer.)