There is a SDM task to remove certificates, but I'm not sure that would have any impact. You may want to confirm the root CA you are trying to install is indeed a root CA (issued by itself) and only contains the one certificate. This command should output the subject(s) and issuer(s) in a certificate file.
openssl crl2pkcs7 -nocrl -certfile <certificate.pem> | openssl pkcs7 -print_certs -noout
Here's the documentation on removing certificates from the bundle.
Remove Your Certificates from the Trusted CA Bundle
https://go.documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/secref/n0n1y5gwevy312n13h5bm4yf6quy.htm#p1...
--
Greg Wootton | Principal Systems Technical Support Engineer