Bruce, I didnt try to load the CA cert only since it is not my intention. My intention is to load the end certificate and it should be ok.
But anyway, there are lots of TLS implementation, in which the servers do not send the whole cert in the certificate chain to the client but only its own certificate although it is not a self signed one, so that I can not import the CA cert on the fly.
Hans, thats a nice method.. Will it return the end certificate only or the whole certs in the chain sent by the server?