When there are multiple certificate chains on a Keyring, what is the method to determine which certificate chain is being used?

Top Secret can trace the calls and the keyring being read, but we do not have a trace that shows the certificate and the chain that is being used. IBM has an SSL trace that will show the connection being established between point A and point B and which certificates(s) are involved. Contact IBM for the commands and SSL trace information.

You may find the following links helpful:

https://www.iis.net/learn/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate

http://www.ibm.com/support/knowledgecenter/SSQ2R2_9.1.1/com.ibm.guide.cookbook.doc/topics/_toc298325218.html

http://www-01.ibm.com/support/docview.wss?uid=swg21665094