I have a question regarding open banking and the PSD2 eIDAS certificates that are needed by TPPs to identify themselves to an ASPSP. Basically, an eIDAS certificate is issued by a QTSP to the TPPs. The question I have is: what is the best way to establish a trust chain to validate the eIDAS certificate? EBA has provided a trust list browser https://webgate.ec.europa.eu/tl-browser/#/ however the trust list only provides the intermediate CAs, with the view that we don't need root CAs to validate an eIDAS certificate as long as the QTSP which signs the eIDAS certificate is present in the EU trust list. In my view there is a fundamental gap in the understanding of EBA, because most of the current firewalls need the entire certificate chain to establish the trust.
Is there any way to configure a TrustAnchor in Spring Boot embedded Tomcat? Will it work without having top-level root CAs? Basically my use case involves a TLS MA connection, so can it work purely on the certificate present in the TrustAnchor?
Any help on the above will be highly appreciated.
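As an added example, not part of the original post: Java's PKIX validator accepts any certificate as a `TrustAnchor`, self-signed or not, so a QTSP issuing CA can anchor validation with no root CA present. The class name and the two input files (a PEM of QTSP issuing-CA certificates and a PEM holding only the TPP client certificate) are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example: QTSP issuing-CA certificates used directly as trust
// anchors, with no root CA in the trust store.
public class QtspAnchorCheck {

    // Reads one or more PEM/DER certificates from a file.
    static List<X509Certificate> load(String file) throws Exception {
        byte[] data = Files.readAllBytes(Paths.get(file));
        List<X509Certificate> out = new ArrayList<>();
        for (Certificate c : CertificateFactory.getInstance("X.509")
                .generateCertificates(new ByteArrayInputStream(data))) {
            out.add((X509Certificate) c);
        }
        return out;
    }

    // Explicit PKIX validation: every listed CA becomes a TrustAnchor.
    // The path must not contain the anchor itself, only what it issued.
    static void validatePkix(List<X509Certificate> client, List<X509Certificate> qtspCas) throws Exception {
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate ca : qtspCas) anchors.add(new TrustAnchor(ca, null));
        PKIXParameters params = new PKIXParameters(anchors);
        // Off so the example runs offline; a real deployment still needs CRL/OCSP checks.
        params.setRevocationEnabled(false);
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(client);
        CertPathValidator.getInstance("PKIX").validate(path, params); // throws on failure
    }

    // The same anchors as a TLS trust manager, as a server trust store would supply them.
    static X509TrustManager trustManager(List<X509Certificate> qtspCas) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        for (int i = 0; i < qtspCas.size(); i++) ks.setCertificateEntry("qtsp-" + i, qtspCas.get(i));
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return (X509TrustManager) tmf.getTrustManagers()[0];
    }

    public static void main(String[] args) throws Exception {
        List<X509Certificate> qtspCas = load(args[0]); // assumed file: QTSP issuing CAs
        List<X509Certificate> client = load(args[1]);  // assumed file: TPP certificate only
        validatePkix(client, qtspCas);
        trustManager(qtspCas).checkClientTrusted(client.toArray(new X509Certificate[0]), "RSA");
        System.out.println("Accepted: " + client.get(0).getSubjectX500Principal());
    }
}
```

For the embedded Tomcat, the equivalent is a trust store containing only these CA certificates, referenced by `server.ssl.trust-store` with `server.ssl.client-auth=need`.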