Once pkix.useDefaultTrustAnchors is set as true, the gateway will trust the well-known public certificate authorities. The list of trusted anchors (certificates) in the Java keystore are not maintained by the gateway.
All supported versions of the API Gateway
Here is the command to list all the trusted anchors for a gateway 10.0 install, (save to /home/ssgconfig/calist file)
/opt/SecureSpan/JDK/bin/keytool -list -v -keystore /opt/SecureSpan/JDK/jre/lib/security/cacerts >/home/ssgconfig/calist
For a gateway 10.1 and above install use the following command"
/opt/SecureSpan/JDK/bin/keytool -list -v -keystore /opt/SecureSpan/JDK/lib/security/cacerts >/home/ssgconfig/calist
password:changeit
Certificates not signed by the issuers in the list will need to be manually imported into the gateway to be trusted.