For those interested in the answer (took me over night to find :-
)... ) :
let's say you have the following tree :
Globalsign Root CA
..|_GlobalSign Primary Secure Server CA
....|_GlobalSign Secure Server CA
......|_MyCustomerCompany
then you must import all Globalsign* into cacerts and
MyCustumerCompany into a keystore
then in your code, you just specify the keystore for the SSL
implementation since Java will automatically validate higher level
from the cacerts file (wich you can find in "%jre_home%
\lib\security\" folder)