Once pkix.useDefaultTrustAnchors is set as true, the gateway will trust the well-known public certificate authorities. The trusted anchors are from the java, gateway doesn't maintain the list.
Environment
Release: Component: APIGTW
Resolution
Here is the command to list all the trusted anchors, (save to /home/ssgconfig/calist file) /opt/SecureSpan/JDK/bin/keytool -list -v -keystore /opt/SecureSpan/JDK/jre/lib/security/cacerts >/home/ssgconfig/calist
password:changeit
For those certificates not signed by the issuers in the list, will need to be imported to gateway manually to be trusted.