I read Andreas' blog again (more carefully). His program seems to extract a certificate from the server's keystore and import it into a new keystore that is created in the current directory. Note that the "jssecacerts" file is a keystore file, not a single certificate.
So it is correct to specify the path to this file in your client. Your assumptions and actions look correct.
I have never done what Andreas' program does programmatically so I cannot comment on it, but maybe you could try to create a new certificate yourself and add it to the client's keystore and server's truststore using the keytool command?
Or use the -exportcert option of the keytool command to export the server's certificate (doing what Andreas' program does "by hand")?
[Message sent by forum member 'dkoper' (dkoper)]
http://forums.java.net/jive/thread.jspa?messageID=263263