The following is just one example of how to add the new G2 Root Authority certificates into an existing Java keystore so that your application will trust a G2 certificate presented by spine when your system initiates a connection.
In our example the java keystore is in a JKS format and called "LIVE_G2.jks", The root certificate is present in the same directory in a file called "NHSRootAuthorityG2.crt".
We use the java keytool exe which needs to be present in the system PATH or run diectly from its file location. Keytool can be located in your local java installation directory "C:\Program Files\Java\%Java Version%\bin" for example "C:\Program Files\Java\jre1.8.0_201\bin".
The "-alias G2rootca" provides the certificate with an alias string for reference and is configurable to whatever your application requires.
After entering the command you will need to enter the keystore password and then enter YES when prompted to trust the certificate.
Once successfully imported you will need to repeat the process for the Subordinate CA "NHS Authentication G2"
Please note you must use a different alias for every trusted certificate you import.
To list trusted certificates in an existing keystore you can use the command keytool -list -keystore LIVE_G2.jks