Once pkix.useDefaultTrustAnchors is set as true, the gateway will trust the well-known public certificate authorities. The list of trusted anchors (certificates) in the Java keystore are not maintained by the gateway.

All supported versions of the API Gateway

Here is the command to list all the trusted anchors for a gateway 10.0 install, (save to /home/ssgconfig/calist file)
/opt/SecureSpan/JDK/bin/keytool -list -v -keystore /opt/SecureSpan/JDK/jre/lib/security/cacerts >/home/ssgconfig/calist

For a gateway 10.1 and above install use the following command"

/opt/SecureSpan/JDK/bin/keytool -list -v -keystore /opt/SecureSpan/JDK/lib/security/cacerts >/home/ssgconfig/calist

password:changeit


Certificates not signed by the issuers in the list will need to be manually imported into the gateway to be trusted.