Howdy!

Is it possible to tell Tomcat to NOT send the root for a certificate chain?
I am trying to support some old VeriFone terminals that are pretty limited
in what they expect when dealing with SSL. I've gotten a new domain
certificate issued by Go Daddy, and in my keystore I've installed this
along with the Go Daddy intermediate cert and the cross that links it back
to the older SHA-1 root that my devices understand. When negotiating an SSL
connection, Tomcat is sending the domain, intermediate and cross certs that
are in my keystore, but it is also finding the root and sending that down.
This is confusing my devices as they interpret this to mean this is a
self-signed key chain and they then refuse to talk to my server.

Thanks,
Tad
