ssl - How to remove the self-signed root from tomcat 6 server? -

i have geotrust extended validation ssl certificate. server tomcat 6. did following things:

1 - generate key store file

keytool -genkey -alias -keyalg rsa -keysize 2048 -keystore -sigalg sha256withrsa 

2 - generate csr

keytool -certreq -alias -file -keystore -sigalg sha256withrsa 

3 - import downloaded p7b file provided symantec against csr , imported certificate

keytool -import -alias -trustcacerts -file -keystore 

everything works fine symantec's ssl toolbox showing following warning

recommendations: root installed on server. best practices, remove self-signed root server.

any ideas how can remove root server avoid warning?

to remove root self signed certificate tomcat, need remove java installation. action performed via keytool binary exectuable found on bin folder inside java jdk installation.

the options should use delete self signed certificate tomcat following:

keytool -delete -noprompt -alias ${cert.alias} -keystore ${keystore.file}  -storepass ${keystore.pass} 

for example, remove self signed cert called tomcat had installed on machine, had use following:

"%java_home%\bin\keytool" -delete -noprompt -alias tomcat 

more info at:

https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html