A customer is wondering about AD LDAPS certificates.
The server certificates are only valid for 1 year.

We tried to import the AD CA root and intermediate certificates into the
Tomcats cacerts keystore, restarted Tomcat and then we tried to create a
AD fulfillment agent. We couldn't connect to the AD until we imported
the server certificate in the Web UI.

They would rather not use server certificates since they only last 1
year and would rather that IG uses the root/intermediate certificates in
the keystore to build a trust path.

Is that possible?

Using 3.0 SP1.