Is it possible to configure IS to send a NULL for the trusted CA list during an SSL handshake? In this scenario IS will be the server. We are running into a situation where the Microsoft security API is throwing an error because we have too many CA certs in trusted root.
This is an issue with Microsoft’s implementation that is not fixed afaik. The workaround is to examine your trustroots and attempt to consolidate. It is best practice to use only a few CA certificates, not trust individual server certificates. Also check for expired CA certs and duplicates. There is a package on Advantage which can help look at this (WmCertCheck).
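
An added example, not part of the original thread and not webMethods or WmCertCheck code: a small Java program that applies the checks suggested in the answer (duplicates, expired certificates, entries that are not CA certificates) to a truststore and totals the subject DN bytes of the remaining CAs, which is what a TLS server places in its trusted CA list. It assumes the trusted certificates are held in a Java keystore file; the class name, path and password arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

// Added example: audit a truststore for duplicate, expired and non-CA entries.
// Usage (assumed): java TrustStoreAudit <truststore-file> <password>
public class TrustStoreAudit {
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        Map<String, String> firstAlias = new HashMap<>(); // fingerprint -> first alias seen
        Date now = new Date();
        int kept = 0, dnListBytes = 0;

        for (String alias : Collections.list(ks.aliases())) {
            Certificate raw = ks.getCertificate(alias);
            if (!(raw instanceof X509Certificate)) continue; // key-only or non-X.509 entry
            X509Certificate cert = (X509Certificate) raw;
            String fp = Base64.getEncoder().encodeToString(sha256.digest(cert.getEncoded()));
            String dup = firstAlias.putIfAbsent(fp, alias);

            String finding = null;
            if (dup != null) finding = "DUPLICATE of " + dup;
            else if (now.after(cert.getNotAfter())) finding = "EXPIRED " + cert.getNotAfter();
            // getBasicConstraints() returns -1 when the certificate is not marked as a CA.
            else if (cert.getBasicConstraints() < 0) finding = "NOT-A-CA (server cert or v1 root)";

            if (finding != null) {
                System.out.printf("%-40s %s%n", alias, finding);
            } else {
                kept++;
                // Each DN in the CertificateRequest CA list carries a 2-byte length prefix.
                dnListBytes += 2 + cert.getSubjectX500Principal().getEncoded().length;
            }
        }
        System.out.printf("%d clean CA certs, %d bytes of subject DNs%n", kept, dnListBytes);
    }
}
```

Entries reported as NOT-A-CA need a manual look before removal, since old version 1 root certificates carry no basic constraints extension.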