toX5c
Encodes the certificate as a JSON array according to RFC 7515, Section 4.1.6.
The current draft of the HAIP spec states: "The X.509 certificate of the trust anchor MUST NOT be included in the x5c JOSE header of the Status List Token. The X.509 certificate signing the request MUST NOT be self-signed." The excludeRoot parameter helps to enforce this. Note that including the trust root is always redundant, as both the key and the issuer identity must already be known to the party that validates the certificate chain.
Return
a JsonElement.
Parameters
excludeRoot
If the last certificate is a root (self-signed) certificate, exclude it.
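Added example, not this library's implementation: a sketch of the x5c encoding and the excludeRoot rule described above. It assumes a chain ordered leaf first and a PEM bundle path passed as the first argument; the names x5cOf and isSelfSigned are hypothetical, and rejecting a self-signed signing certificate is this example's choice.

```kotlin
import java.io.File
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import java.util.Base64
import kotlinx.serialization.json.JsonArray
import kotlinx.serialization.json.JsonPrimitive

// Hypothetical helper: a certificate counts as self-signed only if it is
// issued to itself AND its signature verifies under its own public key.
fun X509Certificate.isSelfSigned(): Boolean =
    subjectX500Principal == issuerX500Principal &&
        runCatching { verify(publicKey) }.isSuccess

// Hypothetical stand-in for toX5c. The chain is ordered leaf first, because
// RFC 7515 Section 4.1.6 requires the signing certificate to come first.
fun x5cOf(chain: List<X509Certificate>, excludeRoot: Boolean = true): JsonArray {
    require(chain.isNotEmpty()) { "x5c needs at least the signing certificate" }
    // Example's choice: refuse a self-signed signer, per the HAIP text quoted above.
    require(!chain.first().isSelfSigned()) { "signing certificate must not be self-signed" }
    // Drop the trust anchor only when it really is the self-signed last element.
    val certs = if (excludeRoot && chain.last().isSelfSigned()) chain.dropLast(1) else chain
    // Each entry is standard base64 (with padding) of the DER bytes, not base64url.
    val base64 = Base64.getEncoder()
    return JsonArray(certs.map { JsonPrimitive(base64.encodeToString(it.encoded)) })
}

fun main(args: Array<String>) {
    // Assumption: args[0] is a PEM file holding the chain, leaf first.
    val chain = File(args[0]).inputStream().use { input ->
        CertificateFactory.getInstance("X.509").generateCertificates(input)
            .map { it as X509Certificate }
    }
    println(x5cOf(chain))
}
```

A validator consuming this header has to decode the entries with a standard base64 decoder; a base64url decoder will reject any entry containing "+", "/" or padding.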