When there are multiple certificate chains on a Keyring, what is the method to determine which certificate chain is being used?

Top Secret can trace the calls and the keyring being read, but we do not have a trace that shows the certificate and the chain that is being used. IBM has an SSL trace that will show the connection being established between point A and point B and which certificates(s) are involved. Contact IBM for the commands and SSL trace information.

You may find the following links helpful:

Troubleshooting SSL related issues (Server Certificate)

IBM MQ : Generating System TLS (formerly SSL) trace on IBM z/OS